list_audit_logs
Retrieve paginated configuration audit logs showing admin changes with attribution. Supports filtering by source type and action for targeted audits.
Instructions
Returns instance-wide configuration audit logs as paginated skeletons (id, source_type, actor_name, action, change_description, created_at), every admin/config change with attribution. Enterprise-plan-gated; on lower plans returns upstream_error with the underlying http_status (403/404). Default limit: 100; pass cursor, fields, filter (server-side filters for source_type/action are honored). For per-ticket field changes use get_ticket_audits, this tool is admin-config only, not ticket-level.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Max items to return. Default 100. The full corpus is fetched and cached server-side; this only limits what the response carries. | |
| cursor | No | Opaque pagination token from a previous response. Slices the next page from the cached corpus. Stale cursors (older than the cache TTL) auto-reset to offset 0 and set cursor_invalidated: true. | |
| fields | No | Whitelist of field names. Overrides the default projection. Use to opt into extra fields (e.g. ["id","title","active","position","category_id","updated_at"]) without going fully verbose. | |
| filter | No | Structured filter applied to the cached corpus before slicing. Supported keys: active (bool), category_id (number/string), title_contains (string, case-insensitive), updated_since (ISO timestamp). Unsupported keys are ignored with a note in the response. | |
| refresh | No | Bypass cache and re-fetch from Zendesk | |
| verbose | No | Return full audit log objects instead of the thin projection | |
| instance | No | Override the sticky instance for this call | |
| filter_action | No | Optional filter[action] query (e.g. "create", "update") | |
| filter_source_type | No | Optional filter[source_type] query (e.g. "Trigger", "User") |