Audit Indexes
Audit indexes provide event logs on account activities, allowing you to monitor and audit changes. Query the indexes to find a wide variety of information on your account activity.
You can also view data from audit indexes in dashboards when you install these apps:
- Sumo Logic Audit App. Displays data from the Audit Index.
- Enterprise Audit Apps. Display data from the Audit Event Index.
- Sumo Logic Infrequent Data Tier App and Sumo Logic Enterprise Search Audit App. Display data from the Search Audit Index.
- Sumo Logic Flex App. Displays data from the Search Audit Index.
Availability of the indexes differs according to your account type. You can enable access to audit indexes in the Policies tab.
- Classic UI. In the main Sumo Logic menu, select Administration > Security > Policies.
- New UI. In the top menu, select Administration, and then under Account Security Settings select Policies. You can also click the Go To... menu at the top of the screen and select Policies.
You can use the Data Volume Index to query your data usage.
Guide Contents
In this section, we'll introduce the following concepts:
- Audit Index. Collect event logs in plain text on account activities, such as account management, user activity, scheduled searches, and alerting.
- Search Audit Index. Collect event logs on search activities in your account.
- Audit Event Index. Collect event logs in JSON format on account activities for a wide range of actions.
- System Event Index. Collect event logs in JSON format on system activities.
Documentation for Audit Log Definitions
See the Audit Event Log Definitions documentation for audited events.