> ## Documentation Index
> Fetch the complete documentation index at: https://flipt-oci-manifest-version.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> This document describes Flipt's auditing capabilities.

Audit Events are pieces of data that describe a particular thing that has happened in a system. At Flipt, we provide the functionality of processing and batching these audit events and an abstraction for sending these audit events to a sink.

## Events

Flipt supports sending audit events to configured sinks. Audit events have the following structure:

```json
{
  "version": "0.1",
  "type": "flag",
  "action": "created",
  "metadata": {
    "actor": {
      "authentication": "none",
      "ip": "172.17.0.1"
    }
  },
  "payload": {
    "description": "flipt flag",
    "enabled": true,
    "key": "flipt",
    "name": "flipt",
    "namespace_key": "default"
  },
  "timestamp": "1970-01-01T00:00:00Z"
}
```

* `version` : the version of the audit event structure. We don't expect too many changes to the structure of the audit event
* `type` : the type of the entity being acted upon (flag, variant, constraint, etc.)
* `action` : the action taken upon the entity (created, deleted, updated, etc.)
* `metadata` : extra information related to the audit event as a whole. The `actor` field will always be present containing some identity information of the source which initiated the audit event
* `payload` : the actual payload used to interact with the `Flipt` server for certain auditable events
* `timestamp`: the time the event was created

Currently, we support the following sinks for audit events:

* Log File: the audit events are JSON encoded and new-line delimited. You can find the configuration in the [Audit Events - Log File](/configuration/overview#audit-events-log-file) section of the Configuration documentation.

* Webhook: the audit events are sent to a URL of your choice. You can find the configuration in the [Audit Events - Webhook](/configuration/overview#audit-events-webhook) section of the Configuration documentation.

You can find [examples](https://github.com/flipt-io/flipt/tree/main/examples/audit) in the main GitHub repository on how to enable audit events and how to tune configuration for it.

## Event Filtering

Starting from [v1.27.0](https://github.com/flipt-io/flipt/releases/tag/v1.27.0), you can specify configuration for which events you would like to receive on your audit sink.

An always up to date list of events supported is available in our [GitHub repository](https://github.com/flipt-io/flipt/blob/main/internal/server/audit/README.md).

Events are specified in the format of `noun:verb`. You can also specify a wild card for either the noun or the verb. For instance `*:created` corresponds to all `created` events for every entity. Furthermore, `flag:*` corresponds to all `flag` events, and `*:*` corresponds to every single event.

Examples of configuring events include:

```
flag:created
namespace:created
flag:*
rollout:deleted
rule:deleted
*:updated
```