Skip to main content Skip to complementary content

Audit trail

Audit trail provides access to a history of all executed events and procedures on your system. This provides insight into systems information and system integrity and is used for many reasons including compliance, records of change to system including user access, investigation into anomalous system or user behavior and more.

The following actions are logged as part of the audit trail:

  • Authentication events (Success & Denied) for system access points (Qlik NPrinting Web Admin, NewsStand, API)
  • Qlik NPrinting web administration system configuration

    (Create, update and delete events for Qlik NPrinting entities and settings. This includes events from import functions for users and filters, Qlik NPrinting 16 projects and Qlik NPrinting reports.)

  • Qlik NPrinting report execution outcome (Who, Where)
    Inclusive of scheduled and On-Demand reports
  • NewsStand events

Installed files

Qlik NPrinting audit database

A separate dedicated database for audit logging is created with Qlik NPrinting Server. This database is created by default with a dedicated user and a randomly generated password. The database is deleted when Qlik NPrinting is uninstalled, so the data needs to be exported before uninstalling if you want to maintain the archive.

Qlik NPrinting audit service

The Qlik NPrinting audit service is installed with Qlik NPrinting Server. The service must be active to write logs to the Qlik NPrinting audit database. The service writes errors to the log file located in %PROGRAMDATA%\NPrinting\Logs\nprinting_audit.log if it fails to write data to the database.

Using the Audit trail

Audit trail logs are consumed via the public REST API https://ServerName:4993/api/v1/audit/logs that provides data as text files separated by tabs.

Do the following:

  1. Open the Qlik NPrinting web console in your browser.

  2. Log in as a user that has a role with Audit rights.

    See: Managing roles

  3. Insert the name of your server in https://ServerName:4993/api/v1/audit/logs then paste it in your browser.

    A text file will start downloading. Each field will be in a different tab.

  4. You can open the file in a text editor, import to Excel, or upload it to a Qlik Sense app.

Filtering Audit trail data

Audit trail data can be filtered via API by:

  • date

  • app id

  • user id

  • target

  • target id

  • data type

The resulting CSV contains only filtered rows. All fields are string types. Fields names are case sensitive.

Filter fields





The start date and time in the format: yyyy-mm-ddThh:mm:ssZ



The target name to filter on.

TargetId The ID of the target to filter on.



The ID of the app to filter on.


UserId The ID of the user to filter on.


DataType The data type to filter on.


Logged events

Here are some of the event types that are logged:

  • Audit Windows service events

  • Authentication and security events

    • Authentication

    • Permissions

    • Password reset

  • Conditions events

  • Connection events

    • Connection creation

    • Cache reload

    • Connection deletion

  • Engines events

  • Licenses events

  • NewsStand events

    • NewsStand reports events

    • Subscription events

  • Publish tasks and On-Demand events

  • Report distribution events

    • Reports published on the NewsStand

    • Reports published to folder

    • Reports published to Qlik Sense hub

    • Reports send via email

  • Users events

Output file

The output file contains the following information:

Output file columns




The ISO 8601 date when the event has happened.


The source of event, usually a service.


The standard code of the logged event.


The object or underlying resource that is being changed. For example: user, app, report.


The ID of the target object.


The name of the target object.


The change performed on the target. For example: created, updated, read.


The ID of the app where the action is performed.


The ID of the user who performed the action.


The name of the user who performed the action.


The IP address which originated the web request.


A human readable description of the event.


Additional information about the event as a .json object.


Schema for the Data object.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!