> ## Documentation Index
> Fetch the complete documentation index at: https://www.activepieces.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Event Streaming
> Forward audit events to a webhook and build fully customizable alerts on top
## Overview
Event Streaming forwards platform [audit events](/admin-guide/security/audit-logs/overview) to a webhook URL of your choice. The most common pattern is to point that webhook at a flow inside Activepieces — your flow then routes each event to the channel you care about (Slack, Gmail, Microsoft Teams, custom HTTP, etc.).
Use it to react to flow run failures, new sign-ins, project releases, or any other audit event with the alerting tool of your choice.
## Quick start
The fastest way to get going is the **Generate handler flow** button in the New destination dialog. It builds a webhook-triggered flow with one router branch per event you select, plus a nested branch for failed runs when you pick `flow.run.finished`.
1. Open **Platform Admin → Event Streaming**.
2. Click **New Destination**, pick the events you want to handle, and click **Generate handler flow**.
3. The flow lands in your personal project with a webhook trigger and a router branch per selected event. Sample data is pre-baked so you can hit Test right away, you can add a router step under any event branch to check for specific projects/flows ids.
4. Customize the branches with whatever pieces you like — Slack, Gmail, Microsoft Teams, custom HTTP, and so on.
5. Publish the flow, then go back to the New destination dialog and click **Create** to save the destination.
6. Use the **Test webhook** dropdown in the dialog to fire a sample of any selected event and confirm the round-trip.
## Available events
You can subscribe a destination to any audit event — flow lifecycle, run status, folder/connection changes, user activity, and platform admin actions. See the [Audit Log Events catalog](/admin-guide/security/audit-logs/overview#event-catalog) for the full list and per-event payload details.
## Use your own webhook URL
If you already have a webhook URL — or you want to point Event Streaming at a SIEM, data warehouse, or any other external system — you can skip the handler flow and configure the destination by hand:
1. Go to **Platform Admin → Event Streaming**.
2. Click **New Destination**.
3. Select the **Events** you want to forward.
4. Paste your **Webhook URL** (must be a valid HTTPS endpoint).
5. Use the **Test webhook** dropdown to fire a sample payload for any selected event.
6. Click **Create** to save.
## Payload shape
Every event is delivered as an HTTP POST with a JSON body. The top-level fields are:
* `action` — the event name (for example `flow.run.finished`).
* `data` — event-specific payload, including details like the flow id, run id, status, or affected user.
* `id`, `created`, `updated` — event identifiers and timestamps.
* `platformId`, `projectId`, `userId` — context fields shared across all events.
## Requirements
* **Enterprise Edition**: Event Streaming requires an enterprise plan with Audit Logs enabled.
* **Platform admin**: only platform admins can configure destinations.
* **HTTPS endpoint**: webhook URLs must use HTTPS.
* **Publicly accessible**: your endpoint must be reachable from the internet.
## Troubleshooting
* **Events not received**: verify your endpoint is publicly accessible and returns 2xx status codes.
* **Test fails**: check that your URL is valid and uses HTTPS.
* **Missing events**: make sure the event type is selected in your destination configuration.
## See also
* [Audit Logs](/admin-guide/security/audit-logs/overview) — view every event recorded on your platform