Overview
In any environment where trust needs receipts, proving what happened isn’t optional.
Savant Logs delivers built-in auditing, observability, and usage reporting across Savant – so you can answer the questions that matter, fast, with evidence you can stand behind.
That evidence shows up in three places teams consistently need it most:
SOX compliance and audit readiness
When workflows touch financial data, support month-end close, or feed controls testing, auditors don’t accept "trust us" – they require evidence. Savant Logs creates audit-ready records of key activity: who did what, when they did it, what changed, and what ran – with the context you need to tie actions back to users, workspaces, and workflows.
IT and InfoSec observability
Security and platform teams need visibility into access, permission changes, workflow activity, and configuration updates. Savant Logs provides a centralized event stream you can use to investigate incidents, validate controls, and monitor operational behavior – without stitching together screenshots and exports.
Usage tracking and adoption insights
You also need to understand how Savant is being used – by whom, where, and how often. Savant Logs turns platform activity into reportable data so you can measure adoption, spot bottlenecks, and support governance decisions with real numbers.
Savant Logs are generated by default and designed to scale with your automation footprint – so compliance, observability, and usage reporting are first-class capabilities, not afterthoughts.
How It Works
Savant Logs is available in two complementary ways – batch reporting for audit-ready evidence and analytics, plus real-time streaming for security and operational observability.
Batch reporting (in-product log data)
Savant captures audit activity as structured data you can query directly inside Savant workflows. That means you can build, customize, and automate the exact reports your teams need – using the same canvas and workflow patterns you already use for everything else.
Use batch reporting when you need polished, repeatable outputs, for example:
SOX evidence packages – standardized control reports, reviewer-ready exports, time-bounded evidence pulls
Usage reporting – adoption dashboards, workspace and user activity rollups, license and governance reporting
Operational summaries – scheduled run histories, automation coverage, change reporting over a period
Stream logs (to your security and observability stack)
For real-time monitoring, Savant can stream logs out of the platform to your cloud storage: Amazon S3, Azure Blob Storage or Google Cloud Storage. From there, you can route events into the tools your security and IT teams already trust.
Common destinations include observability and SIEM platforms like Splunk, Datadog, Microsoft Sentinel, Elastic (ELK) and Sumo Logic – so you can:
Detect suspicious access and permission changes
Monitor automation behavior and configuration drift
Build alerts for high-risk actions and anomalies
Support incident investigations with a complete event trail
Together, batch reporting and streaming let you choose the right mode for the job – clean evidence reports when you need them, and continuous visibility when you don’t want to wait for a report to tell you something went sideways.
What Is Logged
Savant captures audit activity across the core areas where visibility is typically needed:
Access Control
Login activity, user provisioning, role changes, and deactivation events. Contains event types Auth and RBAC.
Operational Activity
Runs and usage history, scheduling, app and trigger settings. Contains event types Execution and Automation.
Change Management
Workflow creation, updates, versioning, submissions for review, approvals, rejections, and node configuration changes. Contains event types Flow and Node.
Each audit event includes a UTC timestamp and relevant user and workspace context, and is preserved as part of a centralized audit record.
event_id | timestamp | category | event_type | org_id | org_name | workspace_id | workspace_name | actor_username | actor_role | affected_username | affected_role | role_change | run_id | node_id | path | flow_name | flow_version | node_type | node_name | config |
evt_001 | 09:00:25Z | Auth | auth.login_success | org_01 | ORG | ws_100 | Finance Analytics | sarah.chen | analyst | | | | | | | | | | | {} |
evt_002 | 09:01:00Z | RBAC | rbac.role_assigned | org_01 | ORG | ws_100 | Finance Analytics | alex.admin | admin | sarah.chen | manager | {"from":"analyst","to":"manager"} | | | | | | | | {} |
evt_023 | 09:09:30Z | Canvas | canvas.node_config_changed | org_01 | ORG | ws_100 | Finance Analytics | sarah.chen | manager | | | | | node_001 | | Q4 Financial Analytics | v1.0 | transform | FX Conversion | {"before":{"formula":"amount * exchange_rate"}, |
evt_026 | 09:10:00Z | Flow | flow.submitted | org_01 | ORG | ws_100 | Finance Analytics | sarah.chen | manager | james.kumar | approver | | | | | Q4 Financial Analytics | v1.0 | | | {} |
evt_030 | 09:23:00Z | Flow | flow.approved | org_01 | ORG | ws_100 | Finance Analytics | james.kumar | approver | | | | | | | Q4 Financial Analytics | v1.1 | | | {} |
evt_036 | 09:35:18Z | Execution | execution.run_completed | org_01 | ORG | ws_100 | Operations Analytics | system@scheduler | system | | | | run_301 | | | Q4 Financial Analytics | v1.1 | | | {"result":"SUCCESS"} |
Using Savant Logs
Savant Logs are available as a built-in system in your Savant org. Teams can use it in two ways – batch reporting for audit and usage reporting, and streaming for observability and security monitoring.
Batch reporting (in Savant)
To access log data in workflows, create a dataset and select Savant Logs from your connections list.
When you create a Savant Logs dataset, choose a pre-built feed – Change Management, Access Control or Operational Activity – then select a time range, for example: last 24 hours, last 7 days, last 30 days, last 90 days, last 12 months or last 24 months.
Retention
Log data is retained for the last 90 days for all customers. Longer retention periods are available on higher platform tiers. Contact your Success Manager for details.
Savant also includes optional templated workflows for SOX and usage reporting that demonstrate common patterns for working with log data. Use these templates as-is, customize them for your needs or build your own workflows to review, analyze, and report on activity in the format your teams prefer.
Stream logs (for observability)
For real-time monitoring, org admins can stream logs directly to your cloud storage.
In Org Admin, create a destination connection to Amazon S3, Azure Blob Storage or Google Cloud Storage.
In the same Org Admin area, enable Log Streaming and select the destination connection you want to use.
Once enabled, Savant will continuously deliver log events to your storage destination so you can route them into your preferred observability or SIEM tooling (for example, Splunk, Datadog, Microsoft Sentinel, Elastic or Sumo Logic) for alerting, detection, and investigation.
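The detection use cases described above (permission changes, high-risk actions), as an added example that is not part of Savant's documentation or product code: two checks run over events that use the field names from the sample rows under What Is Logged. The record shape (one dict per event), the date, the 30-minute window and the evt_x01/evt_x02 rows are assumptions constructed for illustration; the page does not specify the streamed file format.

```python
from datetime import datetime, timedelta

DAY = "2025-01-15T"  # constructed date; the page's sample rows show time-of-day only

def ev(eid, time, etype, actor, **extra):
    """Build one event dict using the column names from the sample table."""
    return {"event_id": eid, "timestamp": DAY + time, "event_type": etype,
            "workspace_id": "ws_100", "actor_username": actor, **extra}

Q4 = "Q4 Financial Analytics"
EVENTS = [
    ev("evt_002", "09:01:00Z", "rbac.role_assigned", "alex.admin", affected_username="sarah.chen"),
    ev("evt_023", "09:09:30Z", "canvas.node_config_changed", "sarah.chen", flow_name=Q4),
    ev("evt_026", "09:10:00Z", "flow.submitted", "sarah.chen", flow_name=Q4),
    ev("evt_030", "09:23:00Z", "flow.approved", "james.kumar", flow_name=Q4),
    # Constructed, not from the page: a submitter approving their own flow.
    ev("evt_x01", "10:00:00Z", "flow.submitted", "demo.user", flow_name="Demo Flow"),
    ev("evt_x02", "10:05:00Z", "flow.approved", "demo.user", flow_name="Demo Flow"),
]

def ts(value):
    """Parse an event's UTC timestamp (ISO 8601 with trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def changes_after_elevation(events, window=timedelta(minutes=30)):
    """Pair each role assignment with workflow changes the affected user
    makes in the same workspace within `window` of the assignment."""
    grants, findings = [], []
    for e in sorted(events, key=lambda e: ts(e["timestamp"])):
        if e["event_type"] == "rbac.role_assigned":
            grants.append(e)
        elif e["event_type"].startswith(("canvas.", "flow.")):
            for g in grants:
                if (g.get("affected_username") == e["actor_username"]
                        and g["workspace_id"] == e["workspace_id"]
                        and ts(e["timestamp"]) - ts(g["timestamp"]) <= window):
                    findings.append((g["event_id"], e["event_id"]))
    return findings

def self_approvals(events):
    """Flag flow.approved events whose actor also submitted the same flow."""
    submitters, findings = {}, []
    for e in sorted(events, key=lambda e: ts(e["timestamp"])):
        key = (e["workspace_id"], e.get("flow_name"))
        if e["event_type"] == "flow.submitted":
            submitters[key] = e["actor_username"]
        elif e["event_type"] == "flow.approved" and submitters.get(key) == e["actor_username"]:
            findings.append(e["event_id"])
    return findings
```

On the sample rows, the first check pairs the 09:01:00 role assignment with sarah.chen's node configuration change and flow submission minutes later; the second passes the james.kumar approval and flags only the constructed self-approval.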
