Audit Trail Troubleshooting & FAQs

Troubleshooting

No Events Displayed

Symptom: Audit trail table is empty

Causes:

• No events in selected date range
• Filters too restrictive (category, user, status)
• Database connection error

Solutions:

1. Expand date range to last 90 days
2. Clear all filters (reset button)
3. Check database connection: `/admin/health`
4. Verify logs exist: `SELECT COUNT(*) FROM "AuditLog"`

Slow Loading

Symptom: Table takes >5 seconds to load

Causes:

• Large date range (>90 days)
• No database indexes on `createdAt` or `event`
• Slow network connection

Solutions:

1. Reduce date range to last 7-30 days
2. Add database index: `CREATE INDEX idx_audit_created ON "AuditLog"("createdAt")`
3. Use category filter to reduce result set

Export Fails

Symptom: CSV/JSON export button returns error

Causes:

• Too many events (>10,000 rows)
• Browser memory limit exceeded
• API timeout (>30 seconds)

Solutions:

1. Reduce date range before exporting
2. Export in smaller batches (weekly chunks)
3. Contact admin for direct database export

FAQs

Q: Can audit events be deleted?
A: No. Audit trail is immutable for compliance. Events auto-archive after 90 days.

Q: Who can see audit trail?
A: Only users with `analytics:read` permission (Admins and Super Admins).

Q: How long are events stored?
A: Database: 90 days. Grafana/Loki: 180 days. Archived: Indefinitely (cold storage).

Q: Can I see events from other deployments?
A: Super Admins: Yes (all deployments). Admins: Only their assigned deployment.

Q: What if I need older events?
A: Contact Super Admin for cold storage retrieval (S3 or equivalent).