Your audit export file contains a list of events for the given time period.
| Timestamp | The timestamp of when the event file was exported. This value also contains the CEF version, which is always CEF:0. |
| Anaplan identifier | This is always Anaplan, Inc. |
| Hostname | If present, this indicates the hostname for the machine from which the event originated. |
| Service version | The version of the Anaplan service generating the log, if present. |
| Event code | The Anaplan code associated with the audit event. For example, USR-8. |
| Event message | The brief descriptive audit event message associated with the event code. For example user login success. |
| Additional details | The additional details associated with the audit event can include:
|
Tracked audit events
Anaplan tracked audit events list by the filter category in Audit:
- Encryption activity events (BYOK)
- User activity events
- Access control events
- Connection management events
- Integrations events
- PlanIQ events
Example
2021-05-03T22:28:12.000Z CEF:0|Anaplan, Inc.|||USR-8|User login success|id={ID} userId={user ID} tenantId={tenant ID} eventTimeZone=UTC createdDate=1620080893000 createdTimeZone=UTC success={true or false} objectId={associated user ID} ipAddress={IP address} userAgent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 checksum={checksum}
2021-05-04T08:33:04.000Z CEF:0|Anaplan, Inc.|||USR-1|User created|id=1389498298478657536 userId={ID} tenantId={tenant ID} eventTimeZone=UTC createdDate=1620117185000 createdTimeZone=UTC success={true or false} objectId={ID of the created user} ipAddress=127.0.0.1 userAgent=userAgent checksum={checksum}
