Start with the endpoint response, then verify the deployed release’s event coverage and the collection logic used by the consuming system.
Symptom guide
| Symptom | Check | Resolution |
|---|---|---|
| 401 response | Authorization header and token validity | Send a current organization-management JWT |
| 403 response | Caller role | Use an organization owner or admin account |
| Expected record is absent | Event coverage, organization scope, action name, and collection time | Confirm the release emits that event and remove over-narrow filters |
| Filter returns no records | Exact action value and target-type/target-ID pairing | Load event types and use the returned value; pair target ID with target type |
| Export stops at 100 records | Pagination metadata | Continue until has_next is false |
| Actor, date, IP, or success filter seems ignored | Supported query parameters | Retrieve paginated records and apply those filters client-side |
| Details are incomplete | Event-specific schema and background-job behavior | Inspect the event type; IP address and user agent may be null |
| Compliance export is incomplete | Raw page coverage and retention window | Re-run a complete paginated export and document the collection boundary |
Troubleshooting workflow
- Reproduce with a direct request from the endpoint reference.
- Confirm organization slug, caller role, and response pagination.
- Compare the requested action with the event-types endpoint.
- Remove filters, then reintroduce them one at a time.
- Verify the source action is covered by the deployed release.
- Preserve raw responses before client-side filtering or export transforms.
Original troubleshooting guidance
Troubleshooting:
- Use audit logs to track configuration changes
- Compare timestamps with issue reports
- Check
detailsfield for context - Verify actor identity for change management