Credential Stuffing Logs

auth0.knowledge2 · June 13, 2025, 7:22pm

Overview

This article explains the associated log types and how to export the logs related to credential stuffing.

Auth0 supports a subset of Lucene query syntax to refine log searches.

By constructing queries with specific date ranges and criteria, logs can be filtered effectively. See Log Search Query Syntax
For instance, to search for logs with the specific log types(Credential stuffing) and within a desired date range, the following query can be used:
- date:[2025-04-30 00:00:00.000 TO 2025-04-30 23:59:59.000]AND (type:f OR type:fu OR type:fp OR type:pwd_leak OR type:limit_wc OR type: limit_sul OR type:limit_mu)

The Auth0 Management API provides an endpoint to retrieve logs.

By utilizing the GET /api/v2/logs endpoint, logs can be fetched programmatically.
It is important to note that the Auth0 Management API has rate limits and pagination, so retrieving a large number of logs may require handling paginated responses.
- Detailed information on retrieving logs using the Management API can be found at Search log events

For more control and comprehensive analysis, exporting logs to external services is recommended.

Auth0 offers log streaming capabilities that allow logs to be sent to third-party services such as Splunk, Datadog, or Azure Monitor. See Log Streams
NOTE: Auth0’s log retention period varies depending on the subscription plan.

Topic		Replies	Views
Get all successful login logs Get Help logs , management-api	2	1528	September 28, 2023
Event logs search query limitations Get Help auth0 , logs , lucene	5	2210	February 2, 2023
Consistency in the Logs API Get Help logs , management-api , api-2	3	4096	March 2, 2018
Tips on Searching Tenant Logs for Activity Between Two Dates Knowledge Articles	1	756	November 2, 2023
Filter logs by date Get Help logs , api-2 , search	6	6467	March 2, 2018