Skip to main content
All CollectionsGain Insights
Export Torq Activity and Audit Logs to Amazon S3 Automatically
Export Torq Activity and Audit Logs to Amazon S3 Automatically

Set up automatic Audit and Activity Log exports to Amazon S3, ensuring availability for external tools.

Updated over a month ago

Directly export audit and activity logs to Amazon S3 (Simple Storage Service) without relying on workflows or implementing complex logic patterns typically required for precise log export.

Torq’s built-in export capability simplifies configuration, ensuring an efficient and accurate log transfer process. By simplifying log exports, Torq empowers organizations to save time, reduce operational overhead, and meet compliance, security, and audit requirements effortlessly. Key capabilities include:

  • Streamlined Export Configuration: Define the log type and destination in just a few clicks.

  • Log Filtering: Apply JQ filtering for tailored and efficient log exports.

  • Fully Automated Exports: Once configured, log exports run automatically, requiring no further user intervention.

Set Up a Log Export

This guide assumes you have an existing AWS integration. Ensure the integration includes the s3:PutObject permission to upload objects to the specified S3 bucket. For more details, refer to the AWS S3 PutObject documentation.

Follow these steps to configure log export to Amazon S3:

  1. Navigate to Log Export: Go to Settings > Log Export and click Add.

  2. Configure the Log Export: Provide the following details.

    • Name: Enter a meaningful name for the log export.

    • Log Type: Choose the type of log to export:

      • Audit Log

      • Activity Log

    • Integration: Select the AWS integration for the export.

      • Ensure the integration includes the s3:PutObject permission.

    • Region: Choose the AWS S3 region for the export.

    • Bucket: Specify the AWS S3 bucket.

    • Path within Bucket (Optional): Specify the path within the S3 bucket.

    • JSON Query (Optional): Expand the Advanced options section to define a JSON query for extracting specific information from the logs.

      • For example, use .execution.status == "queued" to filter and export only Activity Log entries for queued workflows.

  3. Save and Validate: Click Add to save the configuration. Torq validates the configuration by uploading a test file named verify-<uuid>.

    • If validation fails (e.g., bucket not found, invalid path, or insufficient permissions), an error message will appear in the configuration dialog.

  4. Export Frequency: Log exports are triggered automatically.

    • Every 30 minutes, or

    • When 50 log entries accumulate—whichever comes first.

    This ensures efficient log transfer while minimizing system load. Contact Torq support to customize the export frequency.

  5. Manage the Export: Once added, the log export appears in the list. You can:

    • Edit or delete the configuration.

    • Pause the export if needed.

Automatically Manage Log Exports

Use these steps to create and retrieve log export configurations as part of your workflow logic.

For instance, you can generate a report listing all existing log export configurations, ensuring the most up-to-date details are readily available for auditing or other needs.

  • Create Log Export Configuration: Add a new log export configuration by specifying parameters such as the log type, destination, and AWS integration. Optional parameters include JSON query and Path within the bucket.

    • To retrieve the AWS integration ID, use the Get Integration by Name or List Integrations steps.

  • List Log Export Configurations: View all log export configurations in the workspace, including their details.

  • Get Log Export Configuration: Retrieve detailed information for a specific log export by its ID.

Automatically Create a Log Export for a Different Workspace

You can configure a log export for a different workspace using the AWS integration from your current workspace, provided you have an access token for the destination workspace.

  1. Share the AWS Integration: Use the Create Share Request step to make the AWS integration required for the log export accessible in the destination workspace.

  2. Retrieve the AWS Integration ID: Use the Get integration by name step with the access token from the destination workspace to obtain the AWS integration ID in that workspace.

    • To provide the access token for the destination workspace instead of a Torq integration, open the three-dot menu next to the Integration field and select Set values separately.

  3. Create the Log Export Configuration: Use the Create Log Export Configuration step. Provide the required details:

    • The log type (Audit or Activity Log)

    • The AWS integration ID from the destination workspace

    • The Amazon S3 destination

    • The access token for the destination workspace

Related Articles
Audit Logs & APIs: Streamline Auditing with Torq
Collect Torq Audit or Activity Logs - Workflow Template
Send Torq Audit and Activity Logs to Snowflake - Workflow Template
Send Torq Audit and Activity Logs to S3 Bucket on a Schedule - Workflow Template
Gather Torq Audit or Activity Logs - Workflow Template
Did this answer your question?