Filter & export log data & create alerts

You can customize what you review for any audit log in your Google Admin console. You can also set up alerts for certain activities.

Filter audit log data by user or activity

You can review specific events or user and admin activities. For example, find every time an admin changed a password for a particular user.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Reports.
  3. On the left, under Audit, click an audit topic.
  4. Click Add a filter.
  5. Select and enter the criteria for your filter and if needed, click Apply.

    For example, select Event name and then an event to see log entries for each time the event occurred.

Filter by organizational unit

You can filter by organizational unit to compare statistics between organizational units in a domain.

  1. Open your report as shown above.
  2. At the top, click Organizational unit.
  3. Select an organizational unit and click Apply.

Filter by date

  1. Open your report as shown above.
  2. At the top, click Date range.
  3. Select a period from the list or enter a start and end date and time.
  4. If needed, click Apply.

You can only filter the current organizational unit hierarchy, even when searching for older data. Data before December 20, 2018 will not appear in the filtered results.

Export your audit log data

You can export a maximum of 100,000 rows to Google Sheets or a CSV file.

  1. Open your audit log as shown above.
  2. (Optional) To change the data to include in your export, click Manage columns Manage columns, select or remove the columns that you want to export, and click Save.
  3. Click Download .
  4. Under Select columns, click Currently selected columns or All columns.
  5. Select a format and click Download.

Create email alerts

Track specific activities by setting up email alerts. Admin-email alerts are based on system defined rules on the security rules page. For example, get an alert whenever there’s a suspicious sign-in attempt.

  1. Open your audit log as shown above.
  2. Click Add a filter.
  3. Enter or select the criteria for your filter and click Create reporting rule "".
  4. Enter a name for the rule.
  5. (Optional) To send the alert to all super admins, under Recipients, click Turn on "".
  6. Enter the email addresses of the recipients and click Create.
Learn more about setting up and editing admin email alerts.
Was this helpful?
How can we improve it?