# Audit Trail

> Tamper-proof audit trail for tracking all Control Plane and custom workload actions. Covers UI filtering, API queries, and custom workload audit integration.

## Overview

Control Plane exposes a tamper-proof audit trail service for both Control Plane and custom workload actions. A [UI](#audit-trail-ui) is available to search, filter, and view the actions.

Each action that occurs on the Control Plane UI console or [CLI](/cli-reference/overview) is reliably captured, securely stored, and indexed by the audit trail. In the Control Plane UI console, most resources have an audit trail link that redirects to the audit trail page with the resource ID prefilled. Additional filters can be added to drill down to specific events.

Your custom workloads can leverage this robust audit trail service without having to build your own. Please refer to [custom workloads](#custom-workloads) for additional details.

## Audit Trail UI

The audit trail UI displays the details of each action that has been captured.

Each action contains:

* Timestamp
* Name of resource
* Kind of resource
* Version
* Results
* Message
* Subject (the user that acted)
* Link to display the raw JSON of the events

The actions displayed can be filtered by:

* Kind of resource
* Audit Context (the `cpln` audit context will only display Control Plane actions)
* Resource name or ID
* Subject Name
* Start and optional end date

## Sample Audit Trail UI

Below is a sample of the audit trail UI after executing a query showing all actions that occurred:

<Frame>
  <img src="https://mintcdn.com/controlplanecorporation/hwvJiAoqIziVJ3gK/images/reference/audittrail/log-ui-audit-trail.png?fit=max&auto=format&n=hwvJiAoqIziVJ3gK&q=85&s=03c5ebfecb3c77dd37242862a590237f" alt="Audit trail UI showing a filtered list of captured actions with timestamps, principals, and action types" width="1599" height="1075" data-path="images/reference/audittrail/log-ui-audit-trail.png" />
</Frame>

## Custom Workloads

The architecture of the audit trail is generic and allows any [workload](/concepts/workload) to capture any action securely and reliably.

For your [workload](/concepts/workload) to use the audit trail, it must first create an [audit context](/reference/auditctx). Refer to the [audit context](/reference/auditctx) reference page for additional details.

**COMING SOON**: Detailed instructions on how your workload can use the audit trail service.

### View Custom Audit Trail

To view the actions that have been captured by your workload, you can use:

* The Control Plane Audit Trail UI:
  * Within the UI, you can select the [audit context](/reference/auditctx) and only view those actions.
* The Control Plane audit API:
  * Leveraging the API, you can create a custom UI to display the audit data.
  * View the [Audit API OpenAPI spec](https://audit.cpln.io/openapi.json) to review the audit schema and available methods.
