Business

Audit Log Entry JSON Example

A structured JSON example for an audit log event — capturing who did what to which resource, when, and from where. Essential for compliance, security monitoring, and debugging production incidents.

{
  "logId": "log_7fKqB2mR",
  "service": "user-service",
  "version": "2.4.1",
  "timestamp": "2025-01-15T14:32:07.841Z",
  "level": "info",
  "action": "user.role_changed",
  "actor": {
    "id": "usr_admin_01",
    "email": "admin@example.com",
    "role": "super_admin",
    "ip": "203.0.113.42",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"
  },
  "target": {
    "type": "user",
    "id": "usr_9k2mXpQr4t",
    "email": "ravi.mehta@example.com"
  },
  "changes": {
    "role": {
      "from": "member",
      "to": "admin"
    }
  },
  "metadata": {
    "requestId": "req_zXp9Lw",
    "sessionId": "sess_kR3mT8",
    "traceId": "trace_8fK2mQ"
  }
}

Field Reference

logIdrequiredstringUnique identifier for this log entry — never reuse.
servicerequiredstringName of the microservice or application that generated the event.
timestamprequiredstring (ISO 8601)When the action occurred, in UTC with millisecond precision.
actionrequiredstringDot-namespaced action string: <resource>.<verb> (e.g. user.role_changed).
actorrequiredobjectWho performed the action — user, API key, or automated job.
actor.ipoptionalstringIP address of the actor — required for security audit trails.
targetrequiredobjectThe resource that was acted upon.
changesoptionalobjectDiff of changed fields: { field: { from, to } }.
metadataoptionalobjectCorrelation IDs for distributed tracing: requestId, traceId, sessionId.

Variants

Data export eventGDPR-relevant audit event for user data export requests
{
  "logId": "log_9pRqT5nK",
  "service": "gdpr-service",
  "timestamp": "2025-01-15T16:00:00.000Z",
  "level": "warn",
  "action": "user.data_exported",
  "actor": {
    "id": "usr_9k2mXpQr4t",
    "email": "ravi.mehta@example.com",
    "ip": "101.53.22.18"
  },
  "target": {
    "type": "user",
    "id": "usr_9k2mXpQr4t"
  },
  "metadata": {
    "format": "json",
    "sizeBytes": 48210,
    "requestId": "req_exportKq2"
  }
}

Common Use Cases

  • Compliance audit trails for SOC 2, ISO 27001, HIPAA, and GDPR requirements
  • Security incident investigation — who accessed what, when, and from where
  • Debugging production issues by replaying the sequence of events that led to a bug
  • Event sourcing systems where the audit log is the source of truth
  • Alerting on suspicious actions like mass data exports or permission escalations
audit logcompliancesecurityevent sourcingGDPRlogging

Validate or format this JSON

One click loads this exact example into the tool — no copy-paste needed. Format it, validate it, explore the tree, or generate TypeScript types instantly.

Frequently Asked Questions

GDPR, HIPAA, and SOC 2 each have different requirements but generally mandate: who (actor identity), what (action and changed data), when (precise timestamp in UTC), and where (IP address or system). Consult your compliance framework — HIPAA requires 6-year retention, GDPR requires logs of consent changes and data exports.

Write audit logs to an append-only store — never allow updates or deletes. Use a separate database or service from your main application data (so a compromised app server cannot alter its own logs). Consider cryptographic chaining (each entry hashes the previous) for tamper-evidence, similar to a blockchain.

Log after the action so the log reflects what actually happened, not what was attempted. For high-security operations, log both: a 'requested' event before and a 'completed' or 'failed' event after. The 'changes' field should capture the actual diff, not the intended diff.

Pseudonymize where possible — store user IDs rather than names/emails. If you must store emails for human-readable logs, ensure the log store has the same access controls and retention limits as your main user database. Consider a separate 'lookup' store for ID-to-email resolution that can be purged on deletion requests.

Related JSON Examples