# Audit logging The Arcwise admin panel exposes a [Logs tab](https://admin.arcwise.app/#/event_history) which shows relevant changes to warehouse connections, API integrations, user roles, and more. Audit logs can also be exported as a CSV.

### Logged events Here is a (non-complete) list of events currently logged by Arcwise:

Event / Action	Description
reindex_warehouse_all	Occurs nightly when Arcwise automatically re-indexes your warehouse. A failure event will be logged if any errors are encountered.
create_warehouse_connection update_warehouse_connection	Logged when a new warehouse connection is created or one is updated.
create_role delete_role edit_role	Logged when a new user is added, deleted, or their permissions are edited
create_token delete_token	Logged when a Personal Access Token is created or deleted by a user.

### Accessing audit logs via API Arcwise's audit logs can be accessed via API. First, you'll need an administrator to create an API key ("personal access token"). #### Obtaining a Personal Access Token 1. Log into 2. Click your email / initials at the top right and select "My profile".

3. Scroll down to the "Personal Access Tokens" section and click "+ Create"

4. Provide a name for your token (e.g. "audit\_logs") and hit "Save". Your new token should now appear in the table. Click the "copy" or "view" buttons to obtain your API token and save it to a secure location.\ ![](/files/qtInij4H9oD2K3AS69DV)
5. At any time, you can click the delete button to permanently revoke a token, at which point it will immediately lose access to Arcwise. #### Make an HTTP request to access the event logs Now, you can make a HTTP GET request to to obtain a JSON list of all log entries within a certain timeframe. * Set the `Authorization` header to `Bearer: ` to authenticate with this endpoint. * You can optionally pass in the following query parameters through the URL: | Parameter | Description | | ---------------- | -------------------------------------------------------------------------------------------- | | `from_timestamp` | A UNIX timestamp or ISO date/time string to specify the start time for retrieved event logs. | | `to_timestamp` | A UNIX timestamp or ISO date/time string to specify the end time for retrieved event logs. | | `limit` | An integer indicating the maximum number of logs to return. (Default: 1000) | * The output will be a JSON list where each entry is an object with the following keys:

Key	Description
`event`	Name of the event (e.g. `add_role`, `edit_role`, `delete_role`)
`message`	A description of the event with more details. (may be null)
`timestamp`	The UNIX timestamp when the event took place.
`severity`	One of `info`, `warning`, or `error`.
`user_id`	The Arcwise user ID that initiated the event (may be null)

**Example cURL API request/response** ```basic # Request curl 'https://backend.arcwise.app/api/event_history?limit=1&from_timestamp=1700000000' \ -H 'Authorization: Bearer 12345678-9012-3456-7890-123456789012' -X GET # Response: 200 OK [ { "event": "create_token", "timestamp": 1706599957, "severity": "info", "message": "User 0000-1111-2222 created personal access token 3333-4444-5555", "user_id": "0000-1111-2222" } ] ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.arcwise.app/arcwise-setup/audit-logging.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.