Audit Logs
Collects audit logs from your Tines tenant capturing audit logs for administrative actions, security events, and workflow activities.
Sync Type: Incremental
Requirements
Before connecting Monad to Tines, you need:
-
Tines Tenant Domain
- Your unique Tines instance domain
- Format:
company.tines.comorcompany.tines.io - Found in your browser's address bar when logged into Tines (without the
https://prefix)
-
Tines API Key
- Must have
AUDIT_LOG_READpermission - Can be one of the following types:
- Personal API Key
- Service API Key
- Tenant Owner API Key
- Team API Key
- Instructions: Creating API Keys in Tines
- Must have
Creating a Tines API Key
- Log in to your Tines tenant
- Navigate to Settings > API Keys or Team > API Keys
- Click Create API Key
- Provide a descriptive name (e.g., "Monad Audit Logs")
- Ensure the key has AUDIT_LOG_READ permission
- Copy the generated API key and store it securely
Important: API keys provide access to your organization's audit logs. Store them securely and never commit them to version control.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Default | Description |
|---|---|---|---|---|
| Tenant Domain | string | Yes | - | Your unique Tines tenant domain (e.g., company.tines.com). Do not include https:// or trailing slashes. |
| User IDs | array | No | - | Filter audit logs by specific user IDs. When provided, only events initiated by these users will be collected. |
| Operation Names | array | No | - | Filter audit logs by specific operation names (e.g., story.created, credential.updated). When provided, only matching operations will be collected. |
| Backfill Start Time | string | No | Current time | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| API Key | Secret | Yes | Tines API key with AUDIT_LOG_READ permission. Supports Personal, Service, Tenant Owner, or Team keys. |
Troubleshooting
Common Issues
1. Authentication Failures (401 Unauthorized)
Symptoms: Error message indicating unauthorized access
Causes:
- Invalid or expired API key
- API key has been revoked
Solutions:
- Verify the API key is correct and properly copied
- Check that the API key hasn't been revoked in Tines
- Generate a new API key if necessary
2. Permission Denied (403 Forbidden)
Symptoms: Error message indicating forbidden access
Causes:
- API key lacks
AUDIT_LOG_READpermission - API key type doesn't have sufficient privileges
Solutions:
- Verify the API key has
AUDIT_LOG_READpermission - Use a Tenant Owner or Team API key with admin access
- Contact your Tines administrator to grant required permissions
3. Tenant Not Found (404 Not Found)
Symptoms: Error message indicating resource not found
Causes:
- Incorrect tenant domain format
- Tenant domain contains typos or includes
https://prefix
Solutions:
- Verify the tenant domain format:
company.tines.com(nohttps://prefix) - Remove any trailing slashes or URL paths
- Confirm the tenant name matches your Tines instance
4. Invalid Tenant Domain Format
Symptoms: Validation error: "Tenant Domain must be a valid domain"
Causes:
- Tenant domain doesn't contain a period (
.) - Using just the company name without
.tines.com
Solutions:
- Use the full domain:
company.tines.comorcompany.tines.io - Verify the format matches your Tines URL
- Do not use just
company- include the full domain
5. Rate Limit Exceeded (429 Too Many Requests)
Symptoms: Temporary failures with rate limit messages
Causes:
- Exceeded 1,000 requests per minute limit
- Multiple connectors using the same API key
Solutions:
- The connector automatically retries with exponential backoff
- The connector implements automatic rate limiting to prevent hitting limits
- Consider using separate API keys for different connectors
- Wait for the rate limit window to reset (1 minute)
6. No Data Appearing
Symptoms: Connector runs successfully but no events are collected
Causes:
backfill_start_timeset too far in the past (outside retention period)- No audit events occurred during the specified timeframe
- Filters (user_ids or operation_names) are too restrictive
- Audit logging disabled on tenant (rare, usually enabled by default)
Solutions:
- Verify audit events exist in Tines for the specified time range
- Check
backfill_start_timeis within your tenant's data retention period - Remove or adjust filters to ensure events match
- Contact Tines support to confirm audit logging is enabled
7. Duplicate Events
Symptoms: Same events appear multiple times
Causes:
- Normal behavior during initial backfill
- Connector state was reset
Solutions:
- This is expected behavior - Monad automatically deduplicates events
- The
AscendingCursorpattern ensures each event is processed only once based on ID and timestamp - Duplicates are filtered out during processing
8. Missing Recent Events
Symptoms: Recent events don't appear immediately
Causes:
- Slight delay between event occurrence and availability in audit logs
- Events still being processed by Tines
Solutions:
- Wait a few minutes for events to propagate
- The connector's regular polling will catch up automatically
- Verify the events appear in the Tines UI audit logs
9. Invalid Backfill Start Time
Symptoms: Validation error about backfill time format
Causes:
- Backfill time not in RFC3339 format
- Using invalid date/time values
Solutions:
- Use RFC3339 format:
2024-01-01T00:00:00Z - Include timezone (Z for UTC or offset like +05:00)
- Verify the date is valid (not in the future, within retention period)
Related Articles
Sample Record
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"timestamp": "2025-08-11T23:46:52.179Z",
"user_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"user_email": "admin@example.com",
"user_name": "Jane Smith",
"operation_name": "story.created",
"resource_type": "story",
"resource_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"resource_name": "Production Workflow",
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
"status": "success",
"metadata": {
"changes": {
"field": "name",
"old_value": "disabled",
"new_value": "enabled"
}
},
"organization_id": "e5f6a7b8-c9d0-1234-ef12-345678901234",
"tenant": "acme-corp"
}