You can use the Takeout audit log to see data on who in your organization used Google Takeout to download a copy of their data. The Takeout audit log includes information like when a user started an export and when the export was completed.
To see audit logs for other services and activities, such as Google Drive and user activity, go to the list of available audit logs.
Open the Takeout audit log
From the Admin console Home page, go to Reports.
On the left, under Audit log, click Takeout.
(Optional) To customize what data you see, on the right, click Manage columns . Select the columns that you want to see or hideclick Save.
(Optional) Review ways to filter and export log data and create alerts.
Data you can view
|Event description||Details about the action, such as the name of the user who started the Takeout and the name of the event|
|Products requested||The Google products and services for which user data was exported|
|Job ID||A unique identifier for the user's export job|
|Date||Date and time of the event (displayed in your browser's default time zone)|
The IP address of the user who performed the Takeout event. The IP address is usually the user's physical location, but could be a proxy server or VPN address.
Note: The IP address is hidden by default. You can open it by clicking Manage columns Add new column IP AddressSave.
Details on event names and descriptions
At Add a filter, select a User name to filter data for that user. The audit report shows log entries for each time that an event for that user occurred during the time range that you set. Most event names are self-explanatory. For example, User takeout completed shows when the export was completed.
However, you might see more detailed log data, such as Performed a user takeout. This data logs when the user began the export, the list of products selected for export, and the job ID.
When and how long is data available?
Go to Data retention and lag times.