Get audit and debug logs

PingOne Advanced Identity Cloud provides audit and debug logs to help you manage your tenant:

Use audit logs to investigate user and system behavior.
Use debug logs to investigate any issues that can arise in production.

You can access logs using one of the following methods:

Direct log access using REST API: Retrieve log events directly from the /monitoring/logs REST API endpoint. With this method, you access each of your tenant environments individually and use REST API filters to refine log results. Learn more in Retrieve log entries using REST API.
External monitoring tool using log streaming: Use the /environment/telemetry/* REST API endpoints to configure each of your tenant environments to steam logs to an external monitoring tool or Security Information and Event Management (SIEM) for real-time security monitoring and error detection. This method lets you access a single external tool and use its interface to refine log results. You can integrate with Splunk or an OpenTelemetry-compatible SIEM such as Grafana Cloud, Datadog, or New Relic. Learn more in Stream logs to an external monitoring tool.
Advanced Identity Cloud admin console: Monitor log entries in the admin console. This beta feature is limited to development and sandbox^[1] environments. Learn more in Monitor log entries in the admin console.

Advanced Identity Cloud stores logs in various log sources. When you retrieve or stream logs, you’ll need to specify which sources you’re interested in.

Advanced Identity Cloud stores logs for 30 days.

1. A sandbox environment is an add-on capability.