Use the information in this section to understand the various types of logs and reporting, and options for collecting and accessing log data.

You can retrieve logs through the Audit page, by using webhooks, or through the API. You can also use the Dashboards page, the Alerts page, and the PingOne App for Splunk to monitor your PingOne environment.


Use the Audit page in the PingOne admin console to run queries on events and actions in the PingOne environment. You can limit the results to a specified time range and define which items to include in the report. PingOne maintains logs for 90 days by default.

To retain PingOne data for longer than 90 days, set up webhooks to stream the data to your own repository and configure your own retention policy. For more information, see Webhooks.

Historical dashboard data and administration configuration change data is retained for two years. Additionally, PingOne DaVinci and DaVinci flow data is not governed by this retention policy.

For more information, see Audit.


Use the Webhooks page in the PingOne admin console to set up subscriptions.

When an event of interest occurs in PingOne, the event is pushed from PingOne to a third-party monitoring system. Webhooks are available in a Splunk-friendly format, a New-Relic-friendly format, and the Ping activity format, which is a versatile, generic JSON format also used by the PingOne API for accessing event data.

For more information, see Webhooks.

PingOne API

Use the PingOne User Activities API to monitor user activities in PingOne. The service uses stream processors that listen to users and login_attempts events. These events are collected and presented by time period.

For more information, see User activities in the PingOne Platform API Reference.

PingOne App for Splunk

Use the PingOne App for Splunk to correlate your PingOne webhook data into a meaningful dashboard. Create custom dashboards and reports, monitor activity data, and analyze event data over time.

For more information, see Installing the PingOne App for Splunk.


Use the Dashboards page in the PingOne console to view and monitor activities for a particular service. Each capability, such as Authentication, Authorization, Identity Verification, and so on, has its own dashboard.

For more information, see PingOne Dashboards.


Use the Alerts page in the PingOne console to set up alert messages based on the status of certain resources. The alerts are limited to events related to certificates, key pairs, and gateways.

For more information, see Alerts.