Activity Log
Overview
The Activity Log is the audit trail for your workspace. It records who did what, when, from which IP address, and on which device — every sign-in, workspace switch, inbox action, team change, broadcast, and webhook. Open it from More → Activity Log.
It draws from the same records the inbox and admin areas write to, so it is a single, trustworthy source of truth rather than a separate log that could drift out of sync. Sign-ins, sign-outs, and workspace switches are recorded automatically.
Who can open this page: The Activity Log is for Admins and above. Agents and viewers do not have access; this is an oversight tool for the people running the workspace.
What Gets Recorded
Each entry captures a consistent set of fields:
| Field | Meaning |
|---|---|
| Timestamp | When it happened. Entries can never be changed once written. |
| Actor | The user who did it; shows as "System" when there is no signed-in user (for example a background task). |
| Action | What was done — for example "Signed in" or "Assigned conversation". |
| Subject | What it affected — the item type and, where relevant, its number (e.g. user #42). |
| Result | Success, warning, or failure — each shown in its own color. |
| IP address / Device | Where the action came from. |
| Layer | Whether the entry was written at the workspace or platform level. |
| Details | Extra information specific to the event, shown neatly formatted in the detail panel. |
Actions are grouped into readable categories:
| Category | What it covers |
|---|---|
| Auth | Sign-in, sign-out, failed login attempts, and password resets. |
| Inbox (conversation) | Conversations assigned, resolved, reopened, snoozed, and replied to. |
| Notes | Internal notes added or deleted. |
| Teams | Teams created, updated, or deleted, plus members invited, role-changed, or removed. |
| Broadcasts | Bulk-send events. |
| Webhooks | Webhooks that fired or were tested. |
| Workspace | Workspace switches and other workspace-level changes. |
| Impersonation | When a platform admin acts on behalf of a user. |
Scope: Entries are workspace-scoped. The default My activity view shows only what you did; switch to the Workspace view to see everyone's actions in the current workspace.
Reading the Log
The top of the page gives you five KPI cards for the selected time window:
| KPI | What it counts |
|---|---|
| Total events | All entries in the period, with a percentage change versus the previous period of equal length. |
| Sign-ins | The number of sign-in events. |
| Writes | Actions that changed something — things created, updated, deleted, assigned, replied to, or resolved. |
| Reads / other | Everything that is neither a sign-in nor a change (passive views). |
| Unique IPs | The number of distinct IP addresses seen in the period. |
Below the KPIs:
- A volume chart plots events over time, switchable between daily, hourly, and weekly buckets, split into auth / writes / other series.
- An event-split donut shows the auth / writes / reads mix at a glance.
- A Top actors panel ranks the four most active users in the window (with initials, event count, and last-seen time).
- A By category bar chart shows which kinds of events dominated (zero-count categories are dropped).
The main table lists individual events. Click any row to open the Event detail panel on the right, which shows the action in plain language, its category, level, the user who did it, the exact time, what was affected, the IP address, the full device details, and any extra information about the event. Actions read in plain English — for example "Signed in", "Switched workspace", and "Assigned conversation".
Filtering & Search
Narrow the log with the controls in the table header and the page header:
| Control | Options |
|---|---|
| Time range | Last 24 hours, 7 days (default), 30 days, or 90 days. |
| Scope | My activity (default) or the whole Workspace. |
| Category | One event family (Auth, Inbox, Notes, Teams, Broadcasts, Webhooks, Workspace, Impersonation, Other), with live counts in the dropdown. |
| Grouping | Daily, hourly, or weekly — controls how the volume chart is grouped. |
| Search | Free-text match across the action name, the item type affected, and the IP address. |
| Reset filters | Clears everything back to defaults. |
Use the Refresh button to reload with the latest events (the page can refresh its rows and stats without a full reload), and pagination at the bottom (20 per page) to move through history.
Note on search: Search only matches the action name, the item type affected, and the IP address — it does not search inside an event's extra details. To see those, open the row's Event detail panel.
Exporting
Click Export CSV to download the current time range and scope as a spreadsheet. The export includes the full details of each event — the time, the level, who did it, the workspace, the action, what was affected, the IP address, and the device — and handles even large ranges cleanly. This is handy for compliance archives, incident reviews, or feeding into your own reporting.
Tip: The Activity Log pairs naturally with Team Members & Roles. If you spot an unexpected role change or removal, the log records exactly who made it and when. For platform-wide auditing across all workspaces, the Admin Panel has its own audit view.
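For incident reviews, the exported CSV can be triaged offline. The sketch below is an added example, not code from the product: it flags sign-ins preceded by repeated failed logins from the same IP address, then lists what that account did next from that address (such as a role change). The column names, the ISO timestamp format, and the action strings "Failed login" and "Changed member role" are assumptions; adjust them to the header row and action names in your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names, timestamp format and action strings
# other than "Signed in" are assumptions; match them to your own CSV.
SAMPLE_EXPORT = """time,actor,action,subject,ip,device
2024-05-01T09:00:05,System,Failed login,user #42,203.0.113.7,Firefox on Linux
2024-05-01T09:00:11,System,Failed login,user #42,203.0.113.7,Firefox on Linux
2024-05-01T09:00:19,System,Failed login,user #42,203.0.113.7,Firefox on Linux
2024-05-01T09:01:02,dana,Signed in,user #42,203.0.113.7,Firefox on Linux
2024-05-01T09:03:40,dana,Changed member role,user #17,203.0.113.7,Firefox on Linux
2024-05-01T10:15:00,lee,Signed in,user #8,198.51.100.20,Chrome on macOS
"""

def load_events(csv_text):
    """Parse export rows and sort by time so sequence checks are reliable."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        row["time"] = datetime.fromisoformat(row["time"])
    return sorted(rows, key=lambda r: r["time"])

def failed_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Return sign-ins preceded by >= threshold failed logins from the same IP."""
    failures = defaultdict(list)  # ip -> timestamps of failed logins
    hits = []
    for ev in events:
        if ev["action"] == "Failed login":
            failures[ev["ip"]].append(ev["time"])
        elif ev["action"] == "Signed in":
            recent = [t for t in failures[ev["ip"]] if ev["time"] - t <= window]
            if len(recent) >= threshold:
                hits.append((ev["ip"], ev["actor"], ev["time"], len(recent)))
            failures[ev["ip"]].clear()  # a successful sign-in resets the streak
    return hits

def actions_after(events, hits, window=timedelta(minutes=30)):
    """List actions by the flagged actor from the flagged IP after the sign-in."""
    out = []
    for ip, actor, start, _ in hits:
        for ev in events:
            if (ev["ip"], ev["actor"]) == (ip, actor) and start < ev["time"] <= start + window:
                out.append((ev["time"], actor, ev["action"], ev["subject"]))
    return out

if __name__ == "__main__":
    hits = failed_then_success(load_events(SAMPLE_EXPORT))
    print(hits, actions_after(load_events(SAMPLE_EXPORT), hits))
```

Export the Workspace scope rather than My activity before running a check like this, since the default scope contains only your own actions.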
Troubleshooting
| Symptom | Likely cause & fix |
|---|---|
| The page redirects me away | You are below Admin in this workspace. Only Admin and Owner can open the Activity Log. |
| "My activity" looks empty | The default scope shows only your own actions. Switch the scope to Workspace to see everyone, or widen the time range. |
| Switching to the same workspace twice has no entry | By design — re-entering the workspace you are already in is skipped so it does not clutter the log. |
| Search did not find a detail value | Search covers the action name, the item type affected, and the IP address only. Open the row to read an event's full details. |
| Counts differ from the dashboard activity widget | The dashboard widget hides sign-in, session, and user-account events; the Activity Log shows them all. |
| An entry shows actor "System" | The event had no signed-in user (for example a background task or an unauthenticated event). |