SIEM/Logging Integration

You can stream Activity events from your Aptible organization to a SIEM or logging provider for centralized monitoring, alerting, or other compliance needs.

Activity Logs Token

Any user can generate a long-lived Activity Logs token in Settings → Tokens. This token provides read-only access to the activity logs that user can already access, plus the organizational metadata required to retrieve them. For a SIEM integration, we recommend creating a dedicated user and adding them to the Activity Log Viewer Role, which grants read-only access to all activity across your organization.

The token can be valid for however long you choose, up to a year. You’ll need to rotate it in your integration’s configuration on that schedule. These integrations can handle interruption, so you won’t be permanently missing activity if the token lapses: as soon as you replace an expired token, the integration resumes from its last saved position.

Supported Providers

Get started by following the setup guide for your provider:

Hosted Elasticsearch (Elastic Cloud) — via the Custom API integration (HTTPJSON input)
Sumo Logic — via a self-hosted forwarding container

Don’t see your provider? Contact Aptible Support to discuss your integration needs.

Getting Started

Core Concepts

Reference

SIEM/Logging Integration

Activity Logs Token

Supported Providers

Getting Started

Core Concepts

Reference

Documentation Index

​Activity Logs Token

​Supported Providers

Activity Logs Token

Supported Providers