Export Log Events with Rules
You can use many services to analyze events generated in your applications. You can create an Auth0 rule to capture specific events, such as user signups, logins, and user location, then send that data to your preferred analytics service.
Some services you can choose from include:
We also recommend that you try our log streaming service or log export extensions to send all your log data to a third-party service.
Rule examples
Here are a few examples of rules. In most cases, before you run the rule, you will need to have a write key that you obtain from the service and store in the rule's global configuration
object. The following examples require a write key.
For more examples, see our Auth0 Rules Repository on GitHub.
Keen
Keen provides a service to capture and analyze events generated in your apps. In this example, the rule sends contextual information, such as IP address (to deduce location), user ID, and username. For this rule, we track the event type using the property user.signedUp
. When the property is set to true
, we assume the event is a login. Otherwise, we assume the event is a new signup, and set it to true
. Thus, the next time the user logs in, the event will be recorded as a login.
function(user, context, callback) {
var request = require('request');
if(user.signedUp){
return callback(null, user, context);
}
var writeKey = configuration.KEENIO_WRITE_KEY;
var projectId = configuration.KEENIO_PROJECT_ID;
var eventCollection = 'signups';
var keenEvent = {
userId: user.user_id,
name: user.name,
ip: context.request.ip //Potentially any other properties in the user profile/context
};
request.post({
method: 'POST',
url: 'https://api.keen.io/3.0/projects/' + projectId + '/events/' + eventCollection,
headers: {
"Authorization: " + writeKey,
'Content-type': 'application/json'
},
body: JSON.stringify(keenEvent),
},
function (e, r, body) {
if( e ) return callback(e,user,context);
//We assume everything went well
user.persistent.signedUp = true;
return callback(null, user, context);
});
}
Segment
Segment provides a large number of analytics with a single API. In this example, the rule sends signup and login events to Segment. We will use Segment's Node.js library to record the Auth0 data.
function(user, context, callback) {
var Analytics = require('analytics-node');
var analytics = new Analytics(configuration.WRITE_KEY, { flushAt: 1 });
// Note: Set { flushAt: 1 } and use analytics.flush to ensure
// the data is sent to Segment before the rule/Webtask terminates
// Identify your user
analytics.identify({
userId: user.user_id,
traits: {
email: user.email,
signed_up: user.created_at,
login_count: user.logins_count
},
"context": {
"userAgent": context.request.UserAgent,
"ip": context.request.ip
}
});
analytics.track({
userId: user.user_id,
event: 'Logged In',
properties: {
clientName: context.clientName,
clientID: context.clientID,
connection: context.connection
},
"context": {
"userAgent": context.request.UserAgent,
"ip": context.request.ip
}
});
analytics.flush(function(err, batch){
callback(null, user, context);
});
}
Splunk
Splunk provides a web interface for searching, monitoring, and examining data. In this example, the rule sends signup and login events to Splunk. We will use Splunk's REST API to record the Auth0 data. Splunk's API supports basic and token-based auth. In this example, we use token-based auth.
For this rule, we track the event type using the property user.app_metadata.signedUp
as in the Keen example above.
function (user, context, callback) {
const request = require('request');
user.app_metadata = user.app_metadata || {};
const endpoint = 'https://http-inputs-mysplunkcloud.example.com:443/services/collector'; // replace with your Splunk HEC endpoint;
//Add any interesting info to the event
const hec_event = {
event: {
message: user.app_metadata.signedUp ? 'Login' : 'Signup',
application: context.clientName,
clientIP: context.request.ip,
protocol: context.protocol,
userName: user.name,
userId: user.user_id
},
source: 'auth0',
sourcetype: 'auth0_activity'
};
request.post({
url: endpoint,
headers: {
'Authorization': 'Splunk ' + configuration.SPLUNK_HEC_TOKEN
},
strictSSL: true, // set to false if using a self-signed cert
json: hec_event
}, function(error, response, body) {
if (error) return callback(error);
if (response.statusCode !== 200) return callback(new Error('Invalid operation'));
user.app_metadata.signedUp = true;
auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
.then(function () {
callback(null, user, context);
})
.catch(function (err) {
callback(err);
});
});
}