If you see the same trailhead as you have mentioned, it defines Events as:
Event monitoring is one of many tools that Salesforce provides to help keep your data secure. It lets you see the granular details of user activity in your organization. We refer to these user activities as events.
As I understand and with the information available on the documentation, this signifies that event logs captures any activity by a User viz., accessing a record, editing a record, etc., but not necessarily anything on the record data itself as what was changed vs. what not. You will still need to rely on your audit history to be able to track any change on data.
Further, for your question:
Are they implying that changes to objects are recorded in event monitoring under the event type API? If so... I'm not seeing them or not seeing them in any detail that is.
The answer is Yes. The "user activity" as accessing the record does get captured but it does not capture which "fields" on the record was changed. The event type API captures any Web Services API interaction per its definition:
API events contain details about your organization’s Web Services API activity.
Taking a quick look at all available event types, there definitely does not look any support for any field level interactions.
And if you download an event log file, you will get to see all the details as captured in the file but not exactly the details you need as part of audit trail. The event log file definition mentions that it captures operational events, whereas any change on the record where values are changing are necessarily transactional in nature.
The event monitoring product gathers information about your Salesforce org’s operational events, which you can use to analyze usage trends and user behavior.
Unfortunately, I came to a dead end on this one. I believe you're going to need to get Support involved. Here's what I found out.
The key prefix 888
is for an object called OauthConsumer
, with the label Remote Access
. This object cannot be interacted with as a system administrator. Attempts to describe or query the object in any API I tried returns the usual "sObject type 'OauthConsumer' is not supported" error (note proper title-case, so it is indeed a restricted object).
If you try to use the key prefix as a URL, /888
, you'll be taken to the URL: /identity/app/RemoteAccessRedirectPage.apexp?retURL=%2F02u
, which tells you that it's been moved to Applications. You'll be redirected to Setup > Create > Applications in Classic mode (/02u
). None of the records I see here have that key prefix...
You can try using /888U00000004CPV
as the URL, it may redirect you to the correct Application, or you may just get some sort of weird Data Not Available
type error. If it gets you where you need to be, great.
As for the former part, what that help topic does't tell you is that:
Enterprise, Unlimited, and Performance Edition organizations have free access to the insecure external assets, login, logout, and total API usage event log files with 1-day data retention. For an extra cost, you can access all log file types with 30-day data retention.
You don't get the logs you need unless you pay for it. That said, you can probably request temporary access to this feature so you can get the data you need.
Best Answer
Assuming you are talking about this mechanism Using Event Monitoring then in general you will need to use some technology other than Salesforce/Apex to do the work e.g. one of the stacks available on Heroku. You will need to write code that makes the REST web service calls, parses the data and constructs the CSV output.
The problem is that the event monitoring data volumes are large and so it is easy to exceed the 6MB/12MB (for synchronous/asynchronous code) Apex heap limit as streaming IO is not supported. So using Apex - you can make REST calls from Apex - only makes sense if you are sure that the data returned by the API calls you need to use plus the output you want to generate all fit within the relatively small heap limits.