description: Slack audit logs provide a view of the actions users perform in an Enterprise organization.
referenceURL: https://api.slack.com/enterprise/audit-logs
description: The event id
description: Creation timestamp for the event
description: The action performed. See https://api.slack.com/enterprise/audit-logs#audit_logs_actions
description: An actor will always be a user on a workspace and will be identified by their user ID, such as W123AB456.
description: The type of actor (always user)
description: Information about the user
description: The id of the user ('USLACKUSER' if no user performed the action)
description: The user's display name
description: The user's email
description: The user's team
description: An entity is the thing that the actor has taken the action upon and it will be the Slack ID of the thing.
description: The type of item that was affected by the action (user,channel,file,app,workspace,enterprise,message,workflow)
description: Information about the affected user
description: The id of the user ('USLACKUSER' if no user performed the action)
description: The user's display name
description: The user's email
description: The user's team
description: Information about the affected channel
description: The id of the channel
description: The name of the channel
description: The privacy mode of the channel
description: Whether the channel is shared
description: Whether the channel is shared in the organisation
- name: teams_shared_with
description: The teams the channel is shared with
description: Information about the affected file
description: The id of the file
description: The filename
description: The file title
description: The filetype
description: Information about the affected app
description: The id of the app
description: The name of the app
description: Whether the app is distributed
- name: is_directory_approved
description: Whether the app is in the approved apps directory
description: The OAuth2 scopes the app requires
description: Information about the affected workspace
description: The id of the workspace
description: The name of the workspace
description: The workspace domain
description: Information about the affected enterprise
description: The id of the enterprise
description: The name of the enterprise
description: The enterprise domain
description: Information about the affected workflow
description: The id of the workflow
description: The name of the workflow
description: Information about the affected message
description: The team the message was posted in
description: The channel the message was posted on
description: The timestamp of the message
description: Context is the location that the actor took the action on the entity. It will always be either a Workspace or an Enterprise, with the appropriate ID.
description: The user agent used for the action
description: The ip address the action was performed from
description: The location that the actor took the action on the entity.
description: The location type. It will always be either a Workspace or an Enterprise
description: The location id
description: The location domain
description: The location name
description: Additional details about the audit log event