Skip to content
LogoLogScale DocumentationLibraryKB Release Notes Integrations Query Examples Training APIGraphQLSearch Archives Contact Support
🔖੆Help button for documentation
    • LogScale System Repository Schema Guide
    • The humio Repository
      • Query data in the humio Repository
    • The humio-activity Repository
        • Action
        • Action/Action
        • AggregateAlert/Alert
        • AggregateAlert/Query
        • Alert/Action
        • Alert/Alert
        • Alert/Query
        • Fdr/Entity
        • Fdr/Ingest
        • FilterAlert/Action
        • FilterAlert/Alert
        • FilterAlert/Query
        • GraphQL/Deprecation
        • PermissionAssignment/groupAssignments
        • PermissionAssignment/numberOfGroups
        • PermissionAssignment/numberOfUsers
        • PermissionAssignment/userAssignments
        • PermissionAssignment/userPermissionCounts
        • Query
        • Request
        • ScheduledSearch/Action
        • ScheduledSearch/Query
        • ScheduledSearch/Schedule
        • ScheduledSearch/ScheduledSearch
        • SystemPrivilege/ChangeSystemPermission
        • SystemPrivilege/ManageOrganizations
      • Alert, Scheduled Search, and Scheduled Report Errors and Resolutions
    • The humio-audit repository
      • Common Structures
        • Actor Structure
          • Query Actor Data
        • humio-audit Query Structure
      • humio-audit Event types
      • Examples of queries for humio-audit
    • The humio-fleet Repository
    • The humio-measurements Repository
    • The humio-metrics Repository
      • Node-Level Metrics
      • Object-Level Metrics
      • Example queries
    • The humio-usage Repository
      • humio-organization-usage View
    • The humio-trigger-execution-info Repository
Falcon LogScale Documentation
/ LogScale System Repository Schema Guide
/ The humio-audit repository
/ humio-audit Event types

Audit Log Event organizations.users

Organization users have been updated

Field TypeTypeValueAvailabilityDescription
actionNameString   The name of the action, for example create, delete or update
actorActorType   Actor, as defined in Actor Structure
organizationIdString   Organization ID
sensitiveBoolean   Whether the audited event is marked sensitive
targetUserInfo   Target for permissions
timestampZonedDateTime   Timestamp of the audited event
Support
  • Twitter
  • LinkedIn
  • Youtube

© 2026 CrowdStrike All other marks contained herein are the property of their respective owners.

  • Other articles on this topic

    • General Information About Triggers
    • Set User Defaults (Cloud)
    • Set User Defaults (Self-Hosted)
    • Understand Organizations (Cloud)
    • Understand Organizations (Self-Hosted)

  • Terminology

    • Organization

  • Related GraphQL API

    • updateOrganizationInfo()
    • updateOrganizationLimits()
    • updateOrganizationNotes()

  • Security (humio-audit) Events

    • Audit Log Event action
    • Audit Log Event flushingstate.org.update
    • Audit Log Event limit.delete
    • Audit Log Event org.datasources.import
    • Audit Log Event org.metadata.import.rollback
    • Audit Log Event org.metadata.import
    • Audit Log Event org.segments.import
    • Audit Log Event organization.userdefaults.update
    • Audit Log Event organizations.link.unlink.child
    • Audit Log Event organizations.link.unlink
    • Audit Log Event organizations.subscription.change
    • Audit Log Event organizations.transfer.user
    • Audit Log Event organizations.update.foreignkey
    • Audit Log Event organizations.users.batch
    • Audit Log Event organizations
    • Audit Log Event sessions.change.config
    • Audit Log Event subdomain.remove
    • Audit Log Event subdomain.set

Enter search term