
Audit Log Entry JSON Example

A structured JSON example for an audit log event — capturing who did what to which resource, when, and from where. Essential for compliance, security monitoring, and debugging production incidents.

{
  "logId": "log_7fKqB2mR",
  "service": "user-service",
  "version": "2.4.1",
  "timestamp": "2025-01-15T14:32:07.841Z",
  "level": "info",
  "action": "user.role_changed",
  "actor": {
    "id": "usr_admin_01",
    "email": "admin@example.com",
    "role": "super_admin",
    "ip": "203.0.113.42",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"
  },
  "target": {
    "type": "user",
    "id": "usr_9k2mXpQr4t",
    "email": "ravi.mehta@example.com"
  },
  "changes": {
    "role": {
      "from": "member",
      "to": "admin"
    }
  },
  "metadata": {
    "requestId": "req_zXp9Lw",
    "sessionId": "sess_kR3mT8",
    "traceId": "trace_8fK2mQ"
  }
}

Field Reference

| Field | Type | Required | Description |
|---|---|---|---|
| logId | string | required | Unique identifier for this log entry — never reuse. |
| service | string | required | Name of the microservice or application that generated the event. |
| timestamp | string (ISO 8601) | required | When the action occurred, in UTC with millisecond precision. |
| action | string | required | Dot-namespaced action string: `<resource>.<verb>` (e.g. user.role_changed). |
| actor | object | required | Who performed the action — user, API key, or automated job. |
| actor.ip | string | optional | IP address of the actor — required for security audit trails. |
| target | object | required | The resource that was acted upon. |
| changes | object | optional | Diff of changed fields: { field: { from, to } }. |
| metadata | object | optional | Correlation IDs for distributed tracing: requestId, traceId, sessionId. |

Variants

Data export event: GDPR-relevant audit event for user data export requests
{
  "logId": "log_9pRqT5nK",
  "service": "gdpr-service",
  "timestamp": "2025-01-15T16:00:00.000Z",
  "level": "warn",
  "action": "user.data_exported",
  "actor": {
    "id": "usr_9k2mXpQr4t",
    "email": "ravi.mehta@example.com",
    "ip": "101.53.22.18"
  },
  "target": {
    "type": "user",
    "id": "usr_9k2mXpQr4t"
  },
  "metadata": {
    "format": "json",
    "sizeBytes": 48210,
    "requestId": "req_exportKq2"
  }
}

Common Use Cases

  • Compliance audit trails for SOC 2, ISO 27001, HIPAA, and GDPR requirements
  • Security incident investigation — who accessed what, when, and from where
  • Debugging production issues by replaying the sequence of events that led to a bug
  • Event sourcing systems where the audit log is the source of truth
  • Alerting on suspicious actions like mass data exports or permission escalations


Frequently Asked Questions

GDPR, HIPAA, and SOC 2 each have different requirements but generally mandate: who (actor identity), what (action and changed data), when (precise timestamp in UTC), and where (IP address or system). Consult your compliance framework — HIPAA requires 6-year retention, GDPR requires logs of consent changes and data exports.

Write audit logs to an append-only store — never allow updates or deletes. Use a separate database or service from your main application data (so a compromised app server cannot alter its own logs). Consider cryptographic chaining (each entry hashes the previous) for tamper-evidence, similar to a blockchain.
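
A sketch of the cryptographic chaining described above, added here as an illustration and not part of the original page. The `prevHash` and `hash` field names, the all-zero genesis value, and SHA-256 over sorted-key JSON are assumptions; the sample entries are constructed from the examples on this page.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prevHash for the first entry in the chain

def canonical(body: dict) -> bytes:
    # Deterministic bytes: sorted keys, no optional whitespace.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")

def seal(entry: dict, prev_hash: str) -> dict:
    """Copy entry, bind it to its predecessor, and add its own SHA-256."""
    body = {k: v for k, v in entry.items() if k not in ("hash", "prevHash")}
    body["prevHash"] = prev_hash  # assumed field name
    return {**body, "hash": hashlib.sha256(canonical(body)).hexdigest()}

def append(chain: list, entry: dict) -> None:
    chain.append(seal(entry, chain[-1]["hash"] if chain else GENESIS))

def verify(chain: list):
    """Return the index of the first entry that fails, or None if intact."""
    prev = GENESIS
    for i, e in enumerate(chain):
        body = {k: v for k, v in e.items() if k != "hash"}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        if e.get("prevHash") != prev or digest != e.get("hash"):
            return i
        prev = e["hash"]
    return None

# Constructed sample entries, trimmed from the two examples on this page.
SAMPLE = [
    {"logId": "log_7fKqB2mR", "timestamp": "2025-01-15T14:32:07.841Z",
     "action": "user.role_changed", "actor": {"id": "usr_admin_01"},
     "target": {"type": "user", "id": "usr_9k2mXpQr4t"},
     "changes": {"role": {"from": "member", "to": "admin"}}},
    {"logId": "log_9pRqT5nK", "timestamp": "2025-01-15T16:00:00.000Z",
     "action": "user.data_exported", "actor": {"id": "usr_9k2mXpQr4t"},
     "target": {"type": "user", "id": "usr_9k2mXpQr4t"}},
]

def build_chain(entries=SAMPLE) -> list:
    chain = []
    for entry in entries:
        append(chain, entry)
    return chain
```

Chaining detects edits and mid-log deletions only while the newest hash is also recorded somewhere the log writer cannot reach. Without that external anchor, anyone with write access to the store can recompute the whole chain or truncate its tail.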

Log after the action so the log reflects what actually happened, not what was attempted. For high-security operations, log both: a 'requested' event before and a 'completed' or 'failed' event after. The 'changes' field should capture the actual diff, not the intended diff.

Pseudonymize where possible — store user IDs rather than names/emails. If you must store emails for human-readable logs, ensure the log store has the same access controls and retention limits as your main user database. Consider a separate 'lookup' store for ID-to-email resolution that can be purged on deletion requests.
