On Enterprise subscriptions, audit logs provide a record of changes and usage that help keep your organisation secure and protect against misuse. You can view audit logs directly in Slack, export them as a CSV and use the Audit Logs API to create custom monitoring tools.
View audit logs
From your desktop, click your organisation name in the sidebar.
Hover over Tools & settings, then click Organisation settings.
From the left sidebar, select Security, then click on Audit logs.
Use the drop-down menus to filter the log entries by Acting user, Event, Affects or Date range and review the log entries below.
If you like, click on Export logs in the top-right corner, then select a formatting option from the drop-down menu to download them.
Export search query logs
The org primary owner and Roles Admins can create and assign a custom role that has permission to export a list of search query logs (the role must include the Access search query logs and Read audit logs permissions). When you export a search query log, it will include a list of completed searches by members of your organisation that you can customise by member, search term and date range.
From your desktop, click your organisation name in the sidebar.
Hover over Tools & settings, then click Organisation settings.
From the left sidebar, select Security, then click on Audit logs.
Click Export logs in the top-right corner, then select Export search queries.
Customise your search query export, then click Export.
Note: By default, search query logs are kept for a maximum of 90 days but they may be deleted sooner based on your organisation’s data retention policy.
Monitor anomaly events
Anomaly events can surface potentially suspicious user and app activity in your organisation. Use the audit logs or the Audit Logs API to monitor anomaly events, and help determine whether the activity is expected.
From your desktop, click your organisation name in the sidebar.
Hover over Tools & settings, then click Organisation settings.
From the left-hand sidebar, select Security, then click Audit logs.
Click the Security detections tab.
If you like, you can click Filters and use the drop-down menus to filter the log entries.
Tip: You can manually sign members out by clicking the three dots icon next to an anomaly audit log entry, then selecting Sign out of Slack. If you like, you can also configure an automatic anomaly event response.
Use the Audit Logs API
We built the Audit Logs API for Enterprise orgs with security, legal and compliance in mind. Use the Audit Logs API to:
Send data to a security information and event management (SIEM) tool.
Watch out for potential security issues or malicious attempts to access your org.
Build custom apps for better insight into how your company uses Slack.
Note: The availability of audit log data prior to upgrading to an Enterprise subscription depends on your previous subscription. To learn more about audit logs, contact our Support team.
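The following is an added example, not Slack's own code, showing one way to pull anomaly events through the Audit Logs API and flatten them for a SIEM. It assumes the endpoint, query parameters and entry field names of Slack's published Audit Logs API; the output field names are hypothetical, the sample page is constructed, and the HTTP request itself is left to your client so that the block runs offline.

```python
import json
from urllib.parse import urlencode

AUDIT_LOGS_URL = "https://api.slack.com/audit/v1/logs"

def build_query(oldest, cursor=None, limit=200):
    """URL for one page of anomaly entries created at or after `oldest` (epoch seconds).
    Send it with an 'Authorization: Bearer <token>' header (auditlogs:read scope)."""
    params = {"action": "anomaly", "oldest": oldest, "limit": limit}
    if cursor:
        params["cursor"] = cursor
    return f"{AUDIT_LOGS_URL}?{urlencode(params)}"

def to_siem_events(page, seen_ids):
    """Flatten the anomaly entries of one response page, skipping ids already forwarded.
    Returns (events, next_cursor); next_cursor is None on the last page."""
    events = []
    for entry in page.get("entries", []):
        eid = entry.get("id")
        if not eid or entry.get("action") != "anomaly" or eid in seen_ids:
            continue
        seen_ids.add(eid)
        user = entry.get("actor", {}).get("user", {})
        ctx = entry.get("context", {})
        events.append({  # hypothetical SIEM field names
            "event_id": eid,
            "timestamp": entry.get("date_create"),
            "user_id": user.get("id"),
            "user_email": user.get("email"),
            "src_ip": ctx.get("ip_address"),
            "user_agent": ctx.get("ua"),
            "reasons": sorted(entry.get("details", {}).get("reason", [])),
        })
    cursor = page.get("response_metadata", {}).get("next_cursor") or None
    return events, cursor

# Constructed sample page (not real data): one anomaly entry, one unrelated entry.
SAMPLE_PAGE = json.loads("""
{"entries": [
  {"id": "constructed-0001", "date_create": 1700000100, "action": "anomaly",
   "actor": {"type": "user", "user": {"id": "U000EXAMPLE", "email": "alex@example.com"}},
   "context": {"ua": "ExampleAgent/1.0", "ip_address": "203.0.113.7"},
   "details": {"reason": ["ip_address", "asn"]}},
  {"id": "constructed-0002", "date_create": 1700000200, "action": "user_login",
   "actor": {"type": "user", "user": {"id": "U000EXAMPLE", "email": "alex@example.com"}},
   "context": {"ua": "ExampleAgent/1.0", "ip_address": "198.51.100.4"}}
], "response_metadata": {"next_cursor": ""}}
""")

if __name__ == "__main__":
    print(build_query(oldest=1700000000))
    print(to_siem_events(SAMPLE_PAGE, set()))
```

Keep `seen_ids` across polling runs and request pages until the returned cursor is `None`, so overlapping time windows do not forward the same anomaly twice.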