Regardless of whether PingDataGovernance Server is configured to evaluate a policy in Embedded or External mode, a policy-decision file logs every policy decision per request. This file is located at PingDataGovernance/logs/policy-decision and contains the following information:

Policy-decision response
Each client request triggers a policy-decision response that specifies the inbound actions to perform, and another policy-decision response that specifies the outbound actions to perform. If you think of a policy-decision response as a set or decision tree of policies, all inbound and outbound requests are read from that set or tree.

Policy rules determine whether a request is denied, permitted, or indeterminate.

Most recent policy decision
To debug the most recent inbound request, open the policy-decision log file and locate the highest DECISION requestID in the section near the bottom of the file. In the following example, [08/May/2019:15:35:04.791 -0500] "DECISION requestID=46" represents the most recent request, and action equals "inbound-GET".
[08/May/2019:15:35:04.791 -0500] DECISION requestID=46 correlationID="0349a205-6aeb-4bd6-923b-c777bcef2241" 
product="Ping Identity Data Governance Server" instanceName="dgl" startupID="XNM9Hw==" threadID=140 
from=[0:0:0:0:0:0:0:l]:49882 method=GET url="https://0:0:0:0:0:0:0:1:8443/jokes/random" clientId="" 
action="inbound-GET" service="Random Joke API" domain="" identityProvider="Mock
Access Token Validator" resourcePath="" deploymentPackageId="95c5864c-b7ab-4588-a3d6-99d99d09fafc"
decisionId="734fc520-ffle-4f80-970a-12100cdd7646" authorized="true" decision="PERMIT" decisionStatusCode="OKAY" adviceIds=""

  "id" : "734fc520-ffle-4f80-970a-12100cdd7646",
  "deploymentPackageId" : "95c5864c-b7ab-4588-a3d6-99d99d09fafc",
  "elapsedTime" : 1036,
  "request" : {

Alternatively, you can use the most recent request timestamp to locate the most recent request.

Policy advice
If the policy contains advice, it is logged after the policy-decision response JSON. Advice features the same corresponding requestID as the most recent policy decision, as the following example shows.
[08/May/2019:15:35:05.377 -0500] ADVICE requestID=46 correlationID="0349a205-6aeb-4bd6-923b-c777bcef2241" product="Ping Identity
Data Governance Server" instanceName="dgl" startupID="XNRLuQ==" threadID=139 from=[0:0:0:0:0:0:0:l]:56475 method=GET url="https:
0:0:0:0:0:0:0:l:8443/jokes/random" clientId="" action="outbound-GET" service="Random Joke API" resourcePath=""
deploymentPackageId="026ab83d-5ed5-41f1-ada7-a50af5d02133" decisionId="0331232d-cd9e-43fc-8804-c2f8b0c23674" authorized="false"
decision="DENY" decisionStatusCode="OKAY" advicelmplId="denied-reason" adviceImplName="Denied Reason Advice" obligatory="false"

To increase the level of detail that is returned in PDP decision responses, configure the Policy Decision Service as follows.

dsconfig set-policy-decision-service-prop \
  --add decision-response-view:decision-tree \
  --add decision-response-view:request \
  --add decision-response-view:evaluated-entities \
  --add decision-response-view:evaluation-log-with-attribute-values