Observability
Three views of the same underlying activity stream, at different levels of abstraction. Activity Timeline shows the live feed. Audit log is the append-only record. Analytics rolls everything up into usage trends. This hub is the entry point for all three.
What this page is for
Running an Exolvra instance without observability is flying blind — you don’t know what agents are doing, you don’t know where the cost is going, you can’t tell whether a weird outcome was a bug or a feature. Observability is the umbrella over the three surfaces that give you that visibility.
Opening /admin/observability lands on a three-card hub. The cards link to Activity Timeline, Audit Log, and Analytics. This page explains when to use each.
The three surfaces
| Surface | Granularity | Time window | Use it for |
|---|---|---|---|
| Activity Timeline | One event per agent turn, tool call, or lifecycle transition | Now (live-updating) | Watching a running session, debugging a stuck issue |
| Audit log | One row per durable event (tool calls, sign-ins, config changes, approvals) | Retention window per tier | Compliance, forensics, “who did what” |
| Analytics | Rolled-up aggregates (tokens per day, cost per model, session volume) | Retention window per tier | Trend watching, capacity planning, cost attribution |
Activity Timeline vs. audit log
These two look similar and get conflated. They’re not the same.
Activity Timeline is rendered from in-memory state plus a short-window event buffer. It updates in real time. When an agent makes a tool call, it appears on the timeline within a second. Use it when you’re debugging something in progress — a session that’s spinning, an issue that won’t complete, a tool that’s failing silently. Filter by session id or issue id to watch a specific thing.
Audit log is the durable, append-only record. Every meaningful event is written to the log with enough detail to reconstruct the action later. You can search it. You can export it. You can’t edit or delete individual rows. Use it when you need to know what happened after the fact — a compliance review, an incident investigation, a cost dispute.
Same source events; different views. Activity is for “what’s happening now?” — audit is for “what happened last Tuesday at 3pm?”.
Analytics, in one paragraph
Analytics rolls audit data into time-series charts: token usage per day, spend per model, session volume per channel, tool-call heatmaps. It’s the zoomed-out view you use when you want to understand the shape of usage rather than individual events. The charts are filterable by date range, team, and agent. Most instances check analytics once a week to confirm spend is in the expected envelope and nothing has spiked.
Common tasks
Watch a live session
Open Activity Timeline. Type the session id in the filter, or click through from the session’s chat page. Events stream in as they happen — the agent’s turns, the tool calls, their results, any guardrail decisions. When the session ends, the timeline stops updating for that id.
Export audit data for compliance
Open Audit Log. Set the date range, set the actor filter if relevant, click Export. Pick a format (JSON, CSV, NDJSON). The export respects the filters — export only what you need. For long-term retention beyond your tier’s audit window, configure a webhook from the notifications settings to stream events out in real time.
Understand a cost spike
Open Analytics. Change the date range to include the spike. Switch the breakdown to “by model” to see whether a specific model was used more, then to “by agent” to see which agent drove the usage. Cross-reference back to the audit log with the actor filter set to that agent to see the specific sessions.
Common pitfalls
Treating Activity Timeline as a permanent record. It’s not. Events outside the short-window buffer roll off. If you need long-term history, the audit log is the system-of-record.
Skipping analytics until something breaks. The point of analytics is to see trends before they turn into incidents. A weekly 5-minute check is cheap insurance against a runaway cost month.
Confusing sessions, issues, and events. A session is a conversation. An issue is a durable unit of work. An event is a single thing that happened (tool call, message, status change). All three are logged here — filtering by the right one is faster.
Where to go next
- Audit log — the full audit reference
- Admin overview — all six hubs at a glance
- Settings → Data & storage — session retention controls
- Budget — the user-facing cost view