Skip to main content
Solved

Logs for Candidate Sync from SuccessFactors to Eightfold

  • May 29, 2026
  • 2 replies
  • 9 views
A

I am an Admin User planning to monitor Candidate Sync from SAP SuccessFactors Recruiting to Eightfold Talent Acquisition. This integration is set up using Eightfold APIs for SuccessFactors Recruiting.

I have access to Integration, Platform Tools and Security & Compliance menu options in Admin Console. To investigate an issue where user email addresses got overwritten (in bulk) by a process, I need to access the Audit Logs. I tried searching in the Security & Compliance area, but could not find any suitable logs that can indicate the data update.

Please advise where I can get such logs that capture the details of data updates triggered by a backend process (or integration). The aim is to have the view of what actions happen on Eightfold data from a process that is not UI based.

Best answer by dkreiger

Hi ​@asubramaniam, What you’re running into is a real limitation of what most admins can self-serve from the Security & Compliance area: those “audit logs” are generally oriented around UI/admin actions, and they typically won’t give you a field-level trail for backend writes coming from an integration/API job.

For non-UI updates (like Candidate Sync from SAP SuccessFactors Recruiting → Eightfold TA), the most reliable “what changed / what wrote it” evidence is usually in the integration processing logs, not the Security & Compliance audit views.
 

Where to look for backend / integration-triggered update logs

 

1) Integration execution logs (SuccessFactors webhook/API processing) — backend logs

For SuccessFactors webhook-driven activity (and, in practice, many integration event flows), we can trace the incoming events and processing outcomes in backend logging. The SuccessFactors webhook implementation guide explicitly calls out tracing events via Redshift logs, including the webhooks_log table (and shows example queries that filter by group_id, system_id, and time window). 

This log pattern is valuable because it can show:

  • that Eightfold received an event payload,
  • whether it was queued and processed successfully (or failed),
  • and the payload content (e.g., in data_json) which helps identify if the source system sent the “wrong” email value.

It also notes that if the notification is processed, it can be seen in Diagnostics as well. 

Practical implication: if email addresses were overwritten “in bulk,” you typically want to correlate:

  • the time window of the overwrite, with
  • the integration system id, and
  • the webhook/sync processing entries around that time.


2) Diagnostics (platform-side visibility into processing)

That same guide indicates processed webhook notifications can be verified in Diagnostics (i.e., platform diagnostics rather than Security & Compliance audit). 

Practical implication: Diagnostics is usually the closest “self-serve” place to confirm that something ran and whether it errored, but it may not always provide a full field-by-field before/after diff.
 

3) Data Warehouse / SIEM publishing for “actions & audit logs”

Eightfold’s internal security/audit architecture explicitly references using the Eightfold Data Warehouse for “Actors and Actions (audit logs)” and publishing those logs onward to a SIEM for security/compliance monitoring and investigation workflows. 

Practical implication: if your goal is an ongoing operational capability—“show me what actions happen on Eightfold data from processes that aren’t UI-based”—the scalable approach is typically:

  • publish audit/action logs to your SIEM, and/or
  • query those “actions/audit” datasets in the Data Warehouse layer (depending on what your Eightfold deployment has enabled).

    2 replies

    dkreiger
    Community Manager
    • dkreigerCommunity Manager
    • Community Manager
    • Answer
    • May 29, 2026

    Hi ​@asubramaniam, What you’re running into is a real limitation of what most admins can self-serve from the Security & Compliance area: those “audit logs” are generally oriented around UI/admin actions, and they typically won’t give you a field-level trail for backend writes coming from an integration/API job.

    For non-UI updates (like Candidate Sync from SAP SuccessFactors Recruiting → Eightfold TA), the most reliable “what changed / what wrote it” evidence is usually in the integration processing logs, not the Security & Compliance audit views.
     

    Where to look for backend / integration-triggered update logs

     

    1) Integration execution logs (SuccessFactors webhook/API processing) — backend logs

    For SuccessFactors webhook-driven activity (and, in practice, many integration event flows), we can trace the incoming events and processing outcomes in backend logging. The SuccessFactors webhook implementation guide explicitly calls out tracing events via Redshift logs, including the webhooks_log table (and shows example queries that filter by group_id, system_id, and time window). 

    This log pattern is valuable because it can show:

    • that Eightfold received an event payload,
    • whether it was queued and processed successfully (or failed),
    • and the payload content (e.g., in data_json) which helps identify if the source system sent the “wrong” email value.

    It also notes that if the notification is processed, it can be seen in Diagnostics as well. 

    Practical implication: if email addresses were overwritten “in bulk,” you typically want to correlate:

    • the time window of the overwrite, with
    • the integration system id, and
    • the webhook/sync processing entries around that time.


    2) Diagnostics (platform-side visibility into processing)

    That same guide indicates processed webhook notifications can be verified in Diagnostics (i.e., platform diagnostics rather than Security & Compliance audit). 

    Practical implication: Diagnostics is usually the closest “self-serve” place to confirm that something ran and whether it errored, but it may not always provide a full field-by-field before/after diff.
     

    3) Data Warehouse / SIEM publishing for “actions & audit logs”

    Eightfold’s internal security/audit architecture explicitly references using the Eightfold Data Warehouse for “Actors and Actions (audit logs)” and publishing those logs onward to a SIEM for security/compliance monitoring and investigation workflows. 

    Practical implication: if your goal is an ongoing operational capability—“show me what actions happen on Eightfold data from processes that aren’t UI-based”—the scalable approach is typically:

    • publish audit/action logs to your SIEM, and/or
    • query those “actions/audit” datasets in the Data Warehouse layer (depending on what your Eightfold deployment has enabled).
    Eightfold Community Manager
    A
    • asubramaniam
    • Author
    • New Participant
    • June 1, 2026

    Thank you ​@dkreiger for your clear and detailed responses. Much appreciated. 👍🏻

    Terms & ConditionsAccessibility statement

    Eightfold is the agentic talent intelligence company that gives every HR leader, recruiter, and people manager the intelligence to see, develop, and deploy the full depth of talent around them. Our AI Native Talent Intelligence Platform powers a suite of talent agents, that execute alongside your people across the full talent lifecycle. The first flagship talent agent is the AI interviewer, the only talent agent built specifically to give every candidate the nine o’clock interview, evaluating one or one million with identical rigor and zero bias. By combining enterprise data with insights derived from over one billion career profiles, Eightfold’s Talent Intelligence Platform powers the world’s most complete picture of talent. We read adjacent skills and forecast trajectories to reveal the potential legacy systems miss.

    Talent Intelligence, human led.

    Learn more

    Privacy & legal

    Follow us

    © Eightfold, 2026. All rights reserved worldwide.

    Back to top