Activity Logs

Track, filter, and analyze all actions performed across your account and organization.

Overview

Xelon HQ records every action — from creating a device to modifying a firewall rule — as an activity log entry. Logs are available in multiple places depending on the scope you need: your own activity, an entire organization, a specific device, or a unified view across all organizations.

Where to Find Logs

| Location | How to Access | Scope | Controls |
|---|---|---|---|
| Unified Logs | Logs in the sidebar | All activity across all organizations you have access to | Organization filter, category filter, type filter, date range, search, save filter, export to ZIP |
| User Activity | Click your avatar > My Account > User & Service Tokens Activity section | Your own actions and service token activity only | Time range (30 days / all), category filter, search, download |
| Organization Eventlog | Manage My Organization (or Manage All Organizations > select org) > Organization Eventlog | All actions by all users within that organization | Time range (30 days / all), category filter, search, download |
| Device Eventlog | Virtual Datacenter > All Devices > open a device > Device Eventlog (on the Overview tab) | Actions specific to that device only | Time range (30 days / all), category filter, search, download |

Unified Logs Page

The Logs page in the sidebar provides the most comprehensive view. It aggregates activity across all organizations you can access and offers the richest set of controls.

Filtering

Use the filter bar at the top of the page to narrow results:

  • Organization: Select one or more organizations to filter by.
  • Category: Filter by category (e.g., Device, Persistent Storage, K8s, IP, ISO, WAF, Service Token).
  • Type: Filter by action type.
  • Date range: Set a start and end date.
  • Search: Free-text search across event names.

Saving Filters

Click Save Filter to save your current filter combination with a name for quick reuse. Saved filters appear in the filter dropdown and can be applied with a single click. Use Reset filters to clear all active filters.

Views

The Logs page offers three views, accessible via tabs:

  • Logs Table: The default chronological list of all log entries.
  • Log Volume by Category: A chart showing the distribution of activity across categories.
  • Logs Frequency: A chart showing activity frequency over time, useful for spotting unusual patterns.

Exporting

Click Export to download the current filtered log view as a ZIP file for offline analysis, compliance reporting, or integration with external tools.

User & Organization Logs

The per-user and per-organization log views are simpler and designed for quick access. Each shows a table with columns for time, user, and event description. Use the time range toggle to switch between the last 30 days and all available logs. The search field filters by event name, and the download button lets you export with a custom date range.

Device Eventlog

The device-level log appears on the Overview tab of the device detail page. It shows only actions related to that specific device (power changes, hardware modifications, backup events, etc.) and is useful for troubleshooting device-specific issues.

Tip

Use the unified Logs page for cross-organization auditing and compliance. Use the device or organization logs for quick, focused troubleshooting.

Activity Logs API

All activity logs are available via the REST API, enabling integration with external SIEM, monitoring, and observability tools. Use the API to pull logs into your existing security and operations workflows.

API Endpoints

| Endpoint | Description |
|---|---|
| GET /api/v2/user/activity | Current user's activity |
| GET /api/v2/devices/{id}/activity | Activity for a specific device |
| GET /api/v2/tenants/{id}/activity | Activity for a specific organization |
| GET /api/v2/tenants/{id}/tenants-activity | Activity across all sub-organizations |

Query Parameters

All activity endpoints support the following query parameters for filtering and pagination:

  • search — Free-text search across event names
  • filter — Filter by activity category
  • type — Filter by activity type
  • dateFrom / dateTo — Date range filter
  • tenants — Array of tenant identifiers (for multi-org queries)
  • page / perPage — Pagination

SIEM & Monitoring Integration

Use the Activity Logs API to feed Xelon HQ events into your security and observability stack. Common integration targets include:

  • Splunk — Ingest via HTTP Event Collector (HEC) with a scheduled script that polls the API
  • Grafana — Use the Infinity data source plugin to query the API and build dashboards
  • Datadog — Forward logs via a custom integration or Datadog's HTTP API
  • Checkmk — Use the REST API integration or a custom local check to monitor activity
  • Sentry — Forward error-type events for application-level alerting
  • Elastic / ELK Stack — Ingest via Logstash HTTP input or Filebeat

Authentication is via Service Tokens — create a dedicated service token for your monitoring integration. See the API Reference for authentication details.
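
An added example, not taken from the Xelon HQ documentation or project code: a polling collector for the "scheduled script that polls the API" pattern above. It pages through an activity endpoint with the documented dateFrom, dateTo, page and perPage parameters and wraps the rows as Splunk HEC event objects. The host, the Bearer header, the "data" response key, the date format and the sourcetype name are assumptions; confirm them against the API Reference.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://hq.example.invalid"  # placeholder host (assumption)
PER_PAGE = 100

def build_url(path, date_from, date_to, page, category=None):
    """Build a request URL from the query parameters this page documents."""
    params = {"dateFrom": date_from, "dateTo": date_to,
              "page": page, "perPage": PER_PAGE}
    if category:
        params["filter"] = category
    return BASE_URL + path + "?" + urllib.parse.urlencode(params)

def http_fetch(url, token):
    """Assumed auth: service token sent as a Bearer header (not from the page)."""
    req = urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def pull_activity(path, date_from, date_to, fetch, max_pages=500):
    """Collect every page in the window, dropping rows repeated across pages.

    Events that arrive mid-poll can shift rows onto the next page, so rows
    are de-duplicated by content. Reaching max_pages raises instead of
    returning a silently truncated audit trail.
    """
    events, seen = [], set()
    for page in range(1, max_pages + 1):
        body = fetch(build_url(path, date_from, date_to, page))
        rows = body.get("data", [])  # assumption: rows live under "data"
        if not rows:  # empty page marks the end of the window
            return events
        for row in rows:
            key = json.dumps(row, sort_keys=True)
            if key not in seen:
                seen.add(key)
                events.append(row)
    raise RuntimeError("max_pages reached; narrow dateFrom/dateTo and retry")

def to_hec_payload(events, sourcetype="xelon:activity"):
    """Wrap rows as Splunk HEC event objects, one JSON object per line.

    The sourcetype name is hypothetical; pick one that fits your index.
    """
    return "\n".join(json.dumps({"sourcetype": sourcetype, "event": e},
                                sort_keys=True) for e in events)
```

For a live run, pass `lambda url: http_fetch(url, token)` as `fetch`, with the token read from a secret store rather than the script.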