Skip to main content

Log Viewer

The ZeroTek Log Viewer lets you run live queries on the Okta System Log to quickly investigate events for a specific user, group, application, or entire organization — without leaving ZeroTek.

ROLE REQUIRED

Any ZeroTek role except Billing

Read-Only Administrators cannot export events

What you can do:

  • View Okta System Log events for an entire organization, or for a specific user, group, or application

  • Filter events by date, event type, and Okta Object ID

  • Search, sort, and expand event details

  • Copy event lists or export in CSV or PDF

How the Log Viewer works

The Log Viewer displays no events until you specify your search criteria — this is by design, since most use cases involve investigating events tied to a specific object for a specific time period.

Okta Object ID — Every object in Okta (user, group, application) has a unique Okta Object ID. Filtering by Okta Object ID scopes results to events generated by that object or taken against it, making it much faster to investigate activity for a specific user, group, or application.

View Logs link — On the detail page for every user, group, and application in ZeroTek, a View Logs link (next to Status) opens the Log Viewer with the relevant Okta Object ID already populated. All you need to do is set a date range and run the search. If you frequently investigate the same objects, note their Okta Object IDs for direct use in the Log Viewer.

View log events for a specific user, group, or application

  1. In ZeroTek, select the target organization and navigate to the Users, Groups, or Applications area.

  2. Click the user, group, or application you want to investigate to open its details page.

  3. Click View Logs. The Log Viewer opens with the Okta Object ID pre-populated.

  4. Select a Date Filter.

  5. Select a Results Limit, or leave the default of 100.

  6. Click Submit.

View log events for an entire organization

  1. Navigate directly to the Log Viewer area in ZeroTek.

  2. Select the target organization from the dropdown.

  3. Select a Date Filter, then click Submit.

Working with results

  • Sort any column by ascending or descending order.

  • Filter by Event Type — useful when you know the time range but not the specific event type, such as when scanning for authentication failures or security events.

  • Search the results table to narrow down further.

  • Expand an event by clicking the small arrow beside it to view full event details.

  • Export using Copy, CSV, or PDF (not available to Read-Only Administrators).

Need help? Contact ZeroTek Support at support@zerotek.com.

Related Articles
ZeroTek Audit
How ZeroTek works with Okta – key concepts
Glossary
Collecting Okta Verify Logs from Windows and Mac operating systems
Users are not being provisioned from Okta to M365
Did this answer your question?