Skip to main content

Event Log Publication

Publish your SmartSuite logs to S3 for SIEM analysis or other activity tracking

Peter Novosel avatar
Written by Peter Novosel
Updated over a week ago

Welcome to the SmartSuite Event Log Publishing feature — your organization’s direct, real-time data feed for workspace activity and audit events.

This guide explains how SmartSuite automatically delivers JSON-formatted event logs to your organization’s Amazon S3 bucket, giving you complete visibility into every user action, automation event, and system change across your SmartSuite workspaces.

Plan Availability

Enterprise, Signature

Permissions

Administrators

Related Reading

Configuring Single Sign-On (SSO)

NOTE:

To configure Event Log Publication, please reach out to your SmartSuite customer service representative. It's initial configuration requires coordination with your network security team.

Why Use Event Log Publishing?

SmartSuite’s Event Log Publishing feed enables your organization to achieve enterprise-grade observability, analytics, and compliance by allowing you to:

  • 🔍 Ingest activity data into your SIEM platform (e.g., Splunk, Datadog, or Microsoft Sentinel) for threat detection, incident response, and forensic analysis.

  • 📊 Load event data into a data warehouse (e.g., Snowflake, BigQuery, or Redshift) for advanced analytics, reporting, and business intelligence.

  • 🧾 Maintain a durable, timestamped audit trail to meet regulatory, governance, and change management requirements.

Once enabled, SmartSuite continuously streams structured JSON event data to your S3 bucket in near real-time. Each file contains a JSON array of event objects representing actions performed by users, automations, or the system itself.

What’s Included

The Event Log Publishing feed provides complete visibility into who did what, where, and when inside SmartSuite.
Each event includes:

  • Core context — user, workspace, and timestamp information

  • Event classification — the activity type and the entity involved (record, field, application, or solution)

  • Detailed metadata — an event-specific payload describing what changed and how

For example, when a field value changes, the metadata shows both the previous and new values, along with the field slug and label, giving you a precise and auditable record of every modification.

Designed for Enterprise Integration

SmartSuite’s event feed integrates seamlessly into your existing infrastructure and workflows:

  • Security teams can correlate SmartSuite activity with logs from other systems in their SIEM for continuous monitoring and threat detection.

  • Data engineers can ingest logs into a data lake or warehouse for custom analytics, visualization, or machine learning pipelines.

  • Compliance and audit teams can retain immutable logs for long-term evidence, policy enforcement, and investigations.

This data stream provides end-to-end traceability across your SmartSuite environment — from individual user actions to automation-driven updates.

Data Structure: Understanding the JSON Fields

Each file delivered to your S3 bucket contains a JSON array of event objects.
Every event, regardless of type, includes a shared set of core fields that provide consistent context.

Field

Type

Description

id

String

A unique identifier for this specific log entry.

account_slug

String

The unique identifier for the SmartSuite Workspace where the event occurred.

actor_email

String

The email address of the user or automation that performed the action.

solution_id

String

The unique ID of the SmartSuite Solution (the top-level container, such as a project or department).

application_id

String

The unique ID of the SmartSuite Application (e.g., a table like “Projects” or “Tasks”) where the event took place.

record_id

String

The unique ID of the specific Record (row or item) that was affected.

activity_type

String

The key field that defines what action occurred. See the full list of event types below.

activity_at

Timestamp

The exact UTC time the event occurred (e.g., 2025-09-26T23:34:24.697Z).

metadata

String

A JSON string containing detailed, event-specific information. See The metadata Field below.

command_id

String

An internal identifier used by SmartSuite for tracing related actions within a transaction or automation.

The metadata Field: The Event Payload

The metadata field contains the specific details of each event.
Its contents vary depending on the activity_type. The most detailed and common example is the record_field_update event.

When a field is updated, metadata includes:

  • field — An object describing the field that was changed, including its slug, label, and field_type.

  • currentValue — The new value after the update.

  • previousValue — The prior value before the update, allowing you to audit exactly what changed.

  • automationData — If the change was made by a SmartSuite automation, this object includes the automation ID.

Metadata Examples by Event Type

Below are anonymized examples of metadata JSON payloads for common event types:

record_field_update

A detailed payload showing the state of a field before and after a change:

{
  "field": {
    "slug": "s8b2a91a55",
    "label": "Project Status",
    "field_type": "statusfield"
  },
  "currentValue": "Completed",
  "previousValue": "In Progress",
  "automationData": {
    "id": "44ef1dea-8f08-49e1-a9e7-b1c2d3e4f5a6"
  }
}

solution_grant_permission

A team was granted “Full Access” to a Solution:

{
  "grantee_type": "team",
  "team_id": "64aef36e31e4f17d0cb2ce9e",
  "permission_level": "Full Access"
}

comment_create

A new comment was added to a record:

{
  "comment_id": "9b1d8c7b-f6a5-4e3d-2c1b-a0e9f8d7c6b5",
  "content_preview": "This is a new comment on the task..."
}

records_export

A record export was performed:

{
  "format": "csv",
  "record_count": 250
}

Event Types (activity_type) Explained

Each SmartSuite event includes an activity_type field that identifies the specific action that occurred.


These activity types are grouped into logical categories to make it easy for your teams to filter, analyze, or alert on specific types of events in your SIEM or data platform.

Record & Field Management

These events capture user and automation interactions with SmartSuite records, fields, and application data.

Event

Description

record_field_update

Triggered when a value in a field changes. The most detailed event type, containing both previous and new values for precise auditing.

record_delete

A record (row) was deleted from an application.

record_restore

A previously deleted record was restored.

records_export

A user exported a set of records, typically to a CSV or Excel file.

field_create

A new field (column) was added to an application.

field_delete

A field was deleted from an application.

field_restore

A previously deleted field was restored.

💡 Tip: record_field_update events are ideal for detecting unexpected data modifications or for maintaining audit trails across critical workflows.

Permissions & Access Control

These events record when users or teams gain or lose access to SmartSuite Solutions or Applications.

Event

Description

solution_grant_permission

A user or team was granted access to an entire Solution.

solution_remove_permission

A user’s or team’s access to a Solution was revoked.

application_grant_permission

A user or team was granted access to a specific Application.

application_remove_permission

A user’s or team’s access to an Application was revoked.

🔐 Use Case: Security teams often monitor these events to detect unexpected permission escalations or access revocations.

Collaboration & Communication

These events capture user interactions that facilitate collaboration, discussion, and communication within SmartSuite records.

Event

Description

comment_create

A new comment was added to a record.

comment_edit

An existing comment was modified.

comment_delete

A comment was deleted.

comment_resolve

A comment thread was marked as resolved.

comment_unresolve

A resolved comment thread was reopened.

communication_center_email_send

An email was sent from a record via the Communication Center.

communication_center_email_reply

A reply was sent to an existing Communication Center email thread.

communication_center_email_delete

An email was deleted from the Communication Center.

💬 Example Use Case:
Track comment_create and communication_center_email_send events to measure collaboration activity or ensure sensitive communications are logged for compliance.

Additional Event Categories (for future expansion)

As SmartSuite evolves, new event categories will be introduced to support advanced use cases, such as:

  • Automation & Integration Events – capturing trigger executions, workflow runs, and integration API calls.

  • System Configuration Events – tracking changes to workspace settings, roles, and authentication configurations.

Your event stream will automatically include these as they are added — no configuration required.

Using Event Types in Your Integrations

You can filter, group, or route events by activity_type when processing data in your SIEM, data pipeline, or analytics system.
For example:

  • Use activity_type = record_field_update to alert when critical data changes occur.

  • Use activity_type = solution_grant_permission to track new administrative access.

  • Use activity_type grouping to visualize activity volume by event type in dashboards.

Related Articles
Automate Your Workflows with Zapier
Sorting and Filtering Records in the REST API
Connecting Softr to SmartSuite
Automation Action: Send Webhook Request
Did this answer your question?