> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Lists the event codes associated with log events.

# Log Type Codes

The following table lists the codes associated with each tenant log. If you want to learn more about log event schemas, you can reference our [GitHub repo](https://github.com/auth0/auth0-log-schemas).

<table class="table">
  <thead>
    <tr>
      <th><strong>Event Code</strong></th>
      <th><strong>Event</strong></th>
      <th><strong>Event Description</strong></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td><code>acls\_summary</code></td>
      <td>Network ACLs Summary</td>
      <td>Shows the summary of the network ACLs matches for a period of time</td>
    </tr>

    <tr>
      <td><code>actions\_execution\_failed</code></td>
      <td>Actions Execution Failed</td>
      <td>Execution of an Action failed</td>
    </tr>

    <tr>
      <td><code>api\_limit</code></td>
      <td>Rate Limit on the Authentication or Management APIs</td>
      <td>The maximum number of requests to the Authentication or Management APIs in a given time has been reached.</td>
    </tr>

    <tr>
      <td><code>api\_limit\_warning</code></td>
      <td>Rate Limit Warning on the Authentication or Management APIs</td>
      <td>The limit of requests to the Authentication or Management APIs in given time is about to be reached.</td>
    </tr>

    <tr>
      <td><code>appi</code></td>
      <td>Notice for API Peak Performance initiated</td>
      <td>Increases the Elevated Public Authentication API Limits by the 100 RPS multiple purchased by the customer for up to 48 hours per month. For more information, see <a href="/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#public-performance">Public performance rate limit policy</a>.</td>
    </tr>

    <tr>
      <td><code>ciba\_exchange\_failed</code></td>
      <td>Failed CIBA Exchange</td>
      <td>Failed to exchange AuthReqId for Access Token</td>
    </tr>

    <tr>
      <td><code>ciba\_exchange\_succeeded</code></td>
      <td>Successful CIBA Exchange</td>
      <td>Successful exchange of AuthReqId for Access Token</td>
    </tr>

    <tr>
      <td><code>ciba\_start\_failed</code></td>
      <td>Failed CIBA Start</td>
      <td>Client-Initiated Backchannel Authentication Flow failed to be initiated.</td>
    </tr>

    <tr>
      <td><code>ciba\_start\_succeeded</code></td>
      <td>Successful CIBA Start</td>
      <td>Client-Initiated Backchannel Authentication Flow has been successfully initiated.</td>
    </tr>

    <tr>
      <td><code>cls</code></td>
      <td>Code/Link Sent</td>
      <td>Passwordless login code/link has been sent</td>
    </tr>

    <tr>
      <td><code>cs</code></td>
      <td>Code Sent</td>
      <td>Passwordless login code has been sent</td>
    </tr>

    <tr>
      <td><code>depnote</code></td>
      <td>Deprecation Notice</td>

      <td />
    </tr>

    <tr>
      <td><code>f</code></td>
      <td>Failed Login</td>

      <td />
    </tr>

    <tr>
      <td><code>fc</code></td>
      <td>Failed by Connector</td>

      <td />
    </tr>

    <tr>
      <td><code>fce</code></td>
      <td>Failed Change Email</td>
      <td>Failed to change user email</td>
    </tr>

    <tr>
      <td><code>fco</code></td>
      <td>Failed by CORS</td>
      <td>Origin is not in the Allowed Origins list for the specified application</td>
    </tr>

    <tr>
      <td><code>fcoa</code></td>
      <td>Failed cross-origin authentication</td>

      <td />
    </tr>

    <tr>
      <td><code>fcp</code></td>
      <td>Failed Change Password</td>

      <td />
    </tr>

    <tr>
      <td><code>fcph</code></td>
      <td>Failed Post Change Password Hook</td>

      <td />
    </tr>

    <tr>
      <td><code>fcpn</code></td>
      <td>Failed Change Phone Number</td>

      <td />
    </tr>

    <tr>
      <td><code>fcpr</code></td>
      <td>Failed Change Password Request</td>

      <td />
    </tr>

    <tr>
      <td><code>fcpro</code></td>
      <td>Failed Connector Provisioning</td>
      <td>Failed to provision an AD/LDAP connector</td>
    </tr>

    <tr>
      <td><code>fcu</code></td>
      <td>Failed Change Username</td>
      <td>Failed to change username</td>
    </tr>

    <tr>
      <td><code>fd</code></td>
      <td>Failed Delegation</td>
      <td>Failed to generate delegation token</td>
    </tr>

    <tr>
      <td><code>fdeac</code></td>
      <td>Failed Device Activation</td>
      <td>Failed to activate device.</td>
    </tr>

    <tr>
      <td><code>fdeaz</code></td>
      <td>Failed Device Authorization Request</td>
      <td>Device authorization request failed.</td>
    </tr>

    <tr>
      <td><code>fdecc</code></td>
      <td>User Canceled Device Confirmation</td>
      <td>User did not confirm device.</td>
    </tr>

    <tr>
      <td><code>fdu</code></td>
      <td>Failed User Deletion</td>

      <td />
    </tr>

    <tr>
      <td><code>feacft</code></td>
      <td>Failed Exchange</td>
      <td>Failed to exchange authorization code for Access Token</td>
    </tr>

    <tr>
      <td><code>feccft</code></td>
      <td>Failed Exchange</td>
      <td>Failed exchange of Access Token for a Client Credentials Grant</td>
    </tr>

    <tr>
      <td><code>fecte</code></td>
      <td>Failed Exchange</td>
      <td>Failed Exchange via Custom Token Exchange</td>
    </tr>

    <tr>
      <td><code>fede</code></td>
      <td>Failed Exchange</td>
      <td>Failed to exchange Device Code for Access Token</td>
    </tr>

    <tr>
      <td><code>federated\_logout\_failed</code></td>
      <td>Failed Federated Logout</td>
      <td>Failed to logout of the upstream Identity Provider</td>
    </tr>

    <tr>
      <td><code>fens</code></td>
      <td>Failed Exchange</td>
      <td>Failed exchange for Native Social Login</td>
    </tr>

    <tr>
      <td><code>feoobft</code></td>
      <td>Failed Exchange</td>
      <td>Failed exchange of Password and OOB Challenge for Access Token</td>
    </tr>

    <tr>
      <td><code>feotpft</code></td>
      <td>Failed Exchange</td>
      <td>Failed exchange of Password and OTP Challenge for Access Token</td>
    </tr>

    <tr>
      <td><code>fepft</code></td>
      <td>Failed Exchange</td>
      <td>Failed exchange of Password for Access Token</td>
    </tr>

    <tr>
      <td><code>fepotpft</code></td>
      <td>Failed Exchange</td>
      <td>Failed exchange of Passwordless OTP for Access Token</td>
    </tr>

    <tr>
      <td><code>fercft</code></td>
      <td>Failed Exchange</td>
      <td>Failed Exchange of Password and MFA Recovery code for Access Token</td>
    </tr>

    <tr>
      <td><code>ferrt</code></td>
      <td>Failed Exchange</td>
      <td>Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected.</td>
    </tr>

    <tr>
      <td><code>fertft</code></td>
      <td>Failed Exchange</td>
      <td>Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired.</td>
    </tr>

    <tr>
      <td><code>fi</code></td>
      <td>Failed invite accept</td>
      <td>Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation.</td>
    </tr>

    <tr>
      <td><code>flo</code></td>
      <td>Failed Logout</td>
      <td>User logout failed</td>
    </tr>

    <tr>
      <td><code>flows\_execution\_completed</code></td>
      <td>Flows Execution Completed</td>

      <td />
    </tr>

    <tr>
      <td><code>flows\_execution\_failed</code></td>
      <td>Flows Execution Failed</td>

      <td />
    </tr>

    <tr>
      <td><code>fn</code></td>
      <td>Failed Sending Notification</td>
      <td>Failed to send notification</td>
    </tr>

    <tr>
      <td><code>forms\_submission\_failed</code></td>
      <td>Forms Submission Failed</td>

      <td />
    </tr>

    <tr>
      <td><code>forms\_submission\_succeeded</code></td>
      <td>Forms Submission Succeeded</td>

      <td />
    </tr>

    <tr>
      <td><code>fp</code></td>
      <td>Failed Login (Incorrect Password)</td>

      <td />
    </tr>

    <tr>
      <td><code>fpar</code></td>
      <td>Failed Pushed Authorization Request</td>

      <td />
    </tr>

    <tr>
      <td><code>fpurh</code></td>
      <td>Failed Post User Registration Hook</td>

      <td />
    </tr>

    <tr>
      <td><code>fs</code></td>
      <td>Failed Signup</td>

      <td />
    </tr>

    <tr>
      <td><code>fsa</code></td>
      <td>Failed Silent Auth</td>

      <td />
    </tr>

    <tr>
      <td><code>fu</code></td>
      <td>Failed Login (Invalid Email/Username)</td>

      <td />
    </tr>

    <tr>
      <td><code>fui</code></td>
      <td>Failed users import</td>
      <td>Failed to import users</td>
    </tr>

    <tr>
      <td><code>fv</code></td>
      <td>Failed Verification Email</td>
      <td>Failed to send verification email</td>
    </tr>

    <tr>
      <td><code>fvr</code></td>
      <td>Failed Verification Email Request</td>
      <td>Failed to process verification email request</td>
    </tr>

    <tr>
      <td><code>gd\_auth\_email\_verification</code></td>
      <td>Email Verification Confirmed</td>
      <td>Email verification completed successfully</td>
    </tr>

    <tr>
      <td><code>gd\_auth\_fail\_email\_verification</code></td>
      <td>Email Verification Failed</td>
      <td>Email verification failed.</td>
    </tr>

    <tr>
      <td><code>gd\_auth\_failed</code></td>
      <td>MFA Auth failed</td>
      <td>Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure.</td>
    </tr>

    <tr>
      <td><code>gd\_auth\_rejected</code></td>
      <td>MFA Auth rejected</td>
      <td>A user rejected a Multi-factor authentication request via push-notification.</td>
    </tr>

    <tr>
      <td><code>gd\_auth\_succeed</code></td>
      <td>MFA Auth success</td>
      <td>Multi-factor authentication success.</td>
    </tr>

    <tr>
      <td><code>gd\_enrollment\_complete</code></td>
      <td>MFA enrollment complete</td>
      <td>A first time MFA user has successfully enrolled using one of the factors.</td>
    </tr>

    <tr>
      <td><code>gd\_otp\_rate\_limit\_exceed</code></td>
      <td>Too many MFA failures</td>
      <td>A user sends more than 10 requests to their device within one hour. Note that the request limit does not reset upon a successful login event.</td>
    </tr>

    <tr>
      <td><code>gd\_recovery\_failed</code></td>
      <td>Recovery failed</td>
      <td>A user enters a wrong recovery code when attempting to authenticate.</td>
    </tr>

    <tr>
      <td><code>gd\_recovery\_rate\_limit\_exceed</code></td>
      <td>Multi-factor recovery code has failed too many times</td>
      <td>A user has entered a wrong recovery code too many times.</td>
    </tr>

    <tr>
      <td><code>gd\_recovery\_succeed</code></td>
      <td>MFA recovery success</td>
      <td>A user successfully authenticates with a recovery code.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_email</code></td>
      <td>MFA Email Sent</td>
      <td>Email for MFA successfully sent.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_email\_verification</code></td>
      <td>Email Verification Sent</td>
      <td>Verification email sent successfully.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_email\_verification\_failure</code></td>
      <td>Email Verification Failed</td>
      <td>Email verification failed.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_pn</code></td>
      <td>Push notification sent</td>
      <td>Push notification for MFA successfully sent.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_pn\_failure</code></td>
      <td>Error Sending MFA Push Notification</td>
      <td>Push notification for MFA failed.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_sms</code></td>
      <td>MFA SMS Sent</td>
      <td>SMS for MFA successfully sent.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_sms\_failure</code></td>
      <td>Error Sending MFA SMS</td>
      <td>Attempt to send SMS for MFA failed.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_voice</code></td>
      <td>MFA voice call success</td>
      <td>Voice call for MFA successfully made.</td>
    </tr>

    <tr>
      <td><code>gd\_send\_voice\_failure</code></td>
      <td>MFA voice call failed</td>
      <td>Attempt to make Voice call for MFA failed.</td>
    </tr>

    <tr>
      <td><code>gd\_start\_auth</code></td>
      <td>Second factor started</td>
      <td>Second factor authentication event started for MFA.</td>
    </tr>

    <tr>
      <td><code>gd\_start\_enroll</code></td>
      <td>MFA Enroll started</td>
      <td>Multi-factor authentication enroll has started.</td>
    </tr>

    <tr>
      <td><code>gd\_start\_enroll\_failed</code></td>
      <td>MFA Enrollment Failed</td>
      <td>Push to start enrollement failed.</td>
    </tr>

    <tr>
      <td><code>gd\_tenant\_update</code></td>
      <td>Guardian tenant update</td>

      <td />
    </tr>

    <tr>
      <td><code>gd\_unenroll</code></td>
      <td>Unenroll device account</td>
      <td>Device used for second factor authentication has been unenrolled.</td>
    </tr>

    <tr>
      <td><code>gd\_update\_device\_account</code></td>
      <td>Update device account</td>
      <td>Device used for second factor authentication has been updated.</td>
    </tr>

    <tr>
      <td><code>gd\_webauthn\_challenge\_failed</code></td>
      <td>WebAuthn browser error</td>
      <td>User failed to verify Webauthn factor.</td>
    </tr>

    <tr>
      <td><code>gd\_webauthn\_enrollment\_failed</code></td>
      <td>WebAuthn browser error</td>
      <td>WebAuthn browser  enrollment failed.</td>
    </tr>

    <tr>
      <td><code>kms\_key\_management\_failure</code></td>
      <td>Failed KMS API Operation</td>
      <td>KMS operation failed</td>
    </tr>

    <tr>
      <td><code>kms\_key\_management\_success</code></td>
      <td>Success KMS API Operation</td>
      <td>KMS operation completed successfully</td>
    </tr>

    <tr>
      <td><code>kms\_key\_state\_changed</code></td>
      <td>KMS Key State Change</td>
      <td>KMS key state changed</td>
    </tr>

    <tr>
      <td><code>limit\_delegation</code></td>
      <td>Too Many Calls to /delegation</td>
      <td>Rate limit exceeded to `/delegation` endpoint</td>
    </tr>

    <tr>
      <td><code>limit\_mu</code></td>
      <td>Blocked IP Address</td>
      <td>An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see <a href="/docs/secure/attack-protection">Attack Protection</a>.</td>
    </tr>

    <tr>
      <td><code>limit\_sul</code></td>
      <td>Blocked Account</td>
      <td>A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see <a href="/docs/secure/attack-protection">Attack Protection</a>.</td>
    </tr>

    <tr>
      <td><code>limit\_wc</code></td>
      <td>Blocked Account</td>
      <td>An IP address is blocked because it reached the maximum failed login attempts into a single account.</td>
    </tr>

    <tr>
      <td><code>mfar</code></td>
      <td>MFA Required</td>
      <td>A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment. Available in only the <a href="/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow">Resource Owner Password Flow</a>.</td>
    </tr>

    <tr>
      <td><code>mgmt\_api\_read</code></td>
      <td>Management API read Operation</td>
      <td>API GET operation returning secrets completed successfully</td>
    </tr>

    <tr>
      <td><code>my\_account\_authentication\_method\_failed</code></td>
      <td>Failed authentication method operation in My Account API</td>
      <td>Failed to complete authentication method operation in My Account API</td>
    </tr>

    <tr>
      <td><code>my\_account\_authentication\_method\_succeeded</code></td>
      <td>Successful authentication method operation in My Account API</td>
      <td>Successfully completed authentication method operation in My Account API</td>
    </tr>

    <tr>
      <td><code>oidc\_backchannel\_logout\_failed</code></td>
      <td>Failed OIDC Back-Channel Logout request</td>
      <td>Failed OIDC Back-Channel Logout request</td>
    </tr>

    <tr>
      <td><code>oidc\_backchannel\_logout\_succeeded</code></td>
      <td>Successful OIDC Back-Channel Logout request</td>
      <td>Successful OIDC Back-Channel Logout request</td>
    </tr>

    <tr>
      <td><code>organization\_member\_added</code></td>
      <td>Organization Member Added</td>
      <td>Successfully added member to organization</td>
    </tr>

    <tr>
      <td><code>passkey\_challenge\_failed</code></td>
      <td>Passkey Challenge Failed</td>
      <td>Native passkey challenge failed</td>
    </tr>

    <tr>
      <td><code>passkey\_challenge\_started</code></td>
      <td>Passkey Challenge Started</td>
      <td>Native passkey challenge was successfully initiated</td>
    </tr>

    <tr>
      <td><code>pla</code></td>
      <td>Pre-login assessment</td>
      <td>This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it.</td>
    </tr>

    <tr>
      <td><code>pwd\_leak</code></td>
      <td>Breached password</td>
      <td>Someone behind the IP address <code>ip</code> attempted to login with a leaked password. The <code>pwd\_leak</code> tenant log is emitted once per hour per IP address.</td>
    </tr>

    <tr>
      <td><code>reset\_pwd\_leak</code></td>
      <td>Breached Password on Reset</td>
      <td>Someone behind the IP address <code>ip</code> attempted to reset with a leaked password.</td>
    </tr>

    <tr>
      <td><code>resource\_cleanup</code></td>
      <td>Success Resource Cleanup</td>
      <td>Emitted when resources exceeding defined limits were removed.</td>
    </tr>

    <tr>
      <td><code>rich\_consents\_access\_error</code></td>
      <td>Rich Consents Access Error</td>
      <td>Error fetching a Rich Consent record</td>
    </tr>

    <tr>
      <td><code>s</code></td>
      <td>Success Login</td>
      <td>Successful login event.</td>
    </tr>

    <tr>
      <td><code>sapi</code></td>
      <td>Success API Operation</td>
      <td>Successful management API write event.</td>
    </tr>

    <tr>
      <td><code>sce</code></td>
      <td>Success Change Email</td>

      <td />
    </tr>

    <tr>
      <td><code>scoa</code></td>
      <td>Success cross-origin authentication</td>

      <td />
    </tr>

    <tr>
      <td><code>scp</code></td>
      <td>Success Change Password</td>

      <td />
    </tr>

    <tr>
      <td><code>scpn</code></td>
      <td>Success Change Phone Number</td>

      <td />
    </tr>

    <tr>
      <td><code>scpr</code></td>
      <td>Success Change Password Request</td>

      <td />
    </tr>

    <tr>
      <td><code>scu</code></td>
      <td>Success Change Username</td>

      <td />
    </tr>

    <tr>
      <td><code>scv</code></td>
      <td>Success Credential Validation</td>
      <td>Successful credential validation event.</td>
    </tr>

    <tr>
      <td><code>sd</code></td>
      <td>Success Delegation</td>

      <td />
    </tr>

    <tr>
      <td><code>sdu</code></td>
      <td>Success User Deletion</td>
      <td>User successfully deleted</td>
    </tr>

    <tr>
      <td><code>seacft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of authorization code for Access Token</td>
    </tr>

    <tr>
      <td><code>seccft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Access Token for a Client Credentials Grant</td>
    </tr>

    <tr>
      <td><code>secte</code></td>
      <td>Success Exchange</td>
      <td>Succesful Exchange via Custom Token Exchange</td>
    </tr>

    <tr>
      <td><code>sede</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of device code for Access Token</td>
    </tr>

    <tr>
      <td><code>sens</code></td>
      <td>Success Exchange</td>
      <td>Native Social Login</td>
    </tr>

    <tr>
      <td><code>seoobft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Password and OOB Challenge for Access Token</td>
    </tr>

    <tr>
      <td><code>seotpft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Password and OTP Challenge for Access Token</td>
    </tr>

    <tr>
      <td><code>sepft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Password for Access Token</td>
    </tr>

    <tr>
      <td><code>sepkoobft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Passkey and OOB Challenge for Access Token</td>
    </tr>

    <tr>
      <td><code>sepkotpft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Passkey and OTP Challenge for Access Token</td>
    </tr>

    <tr>
      <td><code>sepkrcft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Passkey and MFA Recovery Code for Access Token</td>
    </tr>

    <tr>
      <td><code>sercft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Password and MFA Recovery code for Access Token</td>
    </tr>

    <tr>
      <td><code>sertft</code></td>
      <td>Success Exchange</td>
      <td>Successful exchange of Refresh Token for Access Token</td>
    </tr>

    <tr>
      <td><code>si</code></td>
      <td>Successfully accepted a user invite</td>
      <td>Successfully accepted a user invitation</td>
    </tr>

    <tr>
      <td><code>signup\_pwd\_leak</code></td>
      <td>Breached Password on Signup</td>
      <td>Someone behind the IP address <code>ip</code> attempted to signup with a leaked password.</td>
    </tr>

    <tr>
      <td><code>slo</code></td>
      <td>Success Logout</td>
      <td>User successfully logged out</td>
    </tr>

    <tr>
      <td><code>ss</code></td>
      <td>Success Signup</td>

      <td />
    </tr>

    <tr>
      <td><code>ss\_sso\_failure</code></td>
      <td>Failed SS-SSO Operation</td>
      <td>Self-Service operation failed</td>
    </tr>

    <tr>
      <td><code>ss\_sso\_info</code></td>
      <td>Information from an SS-SSO Operation</td>
      <td>Try-connection flow started/completed</td>
    </tr>

    <tr>
      <td><code>ss\_sso\_success</code></td>
      <td>Success SS-SSO Operation</td>
      <td>Self-Service operation completed successfully</td>
    </tr>

    <tr>
      <td><code>ssa</code></td>
      <td>Success Silent Auth</td>

      <td />
    </tr>

    <tr>
      <td><code>sscim</code></td>
      <td>Successful SCIM Operation</td>
      <td>SCIM operation succeeded</td>
    </tr>

    <tr>
      <td><code>sui</code></td>
      <td>Successfully imported users</td>
      <td>Successfully imported users</td>
    </tr>

    <tr>
      <td><code>sv</code></td>
      <td>Success Verification Email</td>
      <td>Successfully consumed email verification link</td>
    </tr>

    <tr>
      <td><code>svr</code></td>
      <td>Success Verification Email Request</td>
      <td>Successfully called verification email endpoint. Verification email in queue to send.</td>
    </tr>

    <tr>
      <td><code>too\_many\_records</code></td>
      <td>Max Amount of Authenticators</td>
      <td>User has created the maximum amount of authenticators</td>
    </tr>

    <tr>
      <td><code>ublkdu</code></td>
      <td>User login block released</td>
      <td>User block setup by anomaly detection has been released</td>
    </tr>

    <tr>
      <td><code>universal\_logout\_failed</code></td>
      <td>Failed Universal Logout request</td>
      <td>Failed Universal Logout request</td>
    </tr>

    <tr>
      <td><code>universal\_logout\_succeeded</code></td>
      <td>Successful Universal Logout request</td>
      <td>Successful Universal Logout request</td>
    </tr>

    <tr>
      <td><code>w</code></td>
      <td>Warning During Login</td>
      <td>Filters for logs of type <code>warning</code> during login</td>
    </tr>

    <tr>
      <td><code>wn</code></td>
      <td>Warning Sending Notification</td>
      <td>Warnings that have occurred during notification sending.</td>
    </tr>

    <tr>
      <td><code>wum</code></td>
      <td>Warning User Management</td>
      <td>Filters for logs of type <code>warning</code> during user management operations</td>
    </tr>
  </tbody>
</table>

## Learn more

* [View Logs](/docs/deploy-monitor/logs/view-log-events)
* [Log Search Query Syntax](/docs/deploy-monitor/logs/log-search-query-syntax)
* [Filter Log Events](/docs/deploy-monitor/logs/log-event-filters)
* [Retrieve Log Logs Using the Management API](/docs/deploy-monitor/logs/retrieve-log-events-using-mgmt-api)
* [Log Streams](/docs/customize/log-streams)
