Export Logs and User-Level Data FAQ

User-level data is the raw data that is logged by Singular's attribution tracker, fraud protection engine, and SKAdNetwork integrations. You can download user-level logs through the Export Logs page (Attribution > Export Logs).

For a description of the fields in each log, see Export Logs: Supported Fields.

This article describes the Export Logs features available to Singular customers. If you are a Singular partner, see Using the Partner Portal.

Troubleshooting the Logs

Why do the conversions/events logs not match Singular's aggregate reporting?

If you download Conversions or Events logs (in the Export Logs page), and the counts don't match what you see in Singular's reporting (the Reports page or API reporting), check the following:

The report may be using cohort analysis

Your report may be displaying events by cohort, meaning that for every day in the date range, the report counts the events that were created by users who installed the app on that day (see What are cohort metrics and cohort periods?). In contrast, events in exported logs are always associated with the actual date and time in which they occurred.

Check the report settings to make sure your cohort period is set to actual so that it shows the events that occurred on the actual date.

Server time vs. adjusted time

The Singular database has two distinct time values associated with each event:

  • The Server Timestamp reflects the time in which the event was received by the Singular servers. This may be significantly different from the original time in which the event occurred if there was a technical delay in sending the event data.
  • The Adjusted Timestamp reflects the original time in which the event occurred.

The date range in the Export Logs page is based on the server timestamp.

The date ranges in the Reports page and other Singular reporting tools (e.g., the Singular API) are based on the adjusted timestamp.

This may cause discrepancies in event counts if, for example, an event that occurred on June 1 was delayed such that it arrived at the Singular servers on June 2. 

» For more troubleshooting tips, see the Troubleshooting Your Reports section.

Why do I see "Organic," "Suppressed," or "Unattributed" in the logs instead of networks and campaign names?

There may be several reasons for these values appearing in your downloaded logs.

1. Real Organic Conversions

If a conversion is judged not to have a paid source, it is marked as organic, and this is how it appears in the user-level logs:

  • Network: "Organic"
  • Campaign: "Unattributed"

2. Facebook Campaigns

Due to end-user privacy concerns, Facebook does not allow us to display user-level data for attributions based on Facebook's self-attributing API. These attributions appear as:

  • Network: "Unattributed"
  • Campaign: "Unattributed"

Note that in addition to the self-attribution API, Facebook also has a separate attribution method based on the Android Install Referrer. Attributions based on that method are displayed with all the normal details in user-level reports.

» For more information, see Facebook Ads Attribution Integration.

3. TikTok View-Through Campaigns

As of March 22, 2022, TikTok requires MMPs to mask user-level data for view-through campaigns due to user privacy concerns. Therefore, if a conversion is attributed to a TikTok view-through (impression-based) campaign, it is displayed as follows both in your postbacks and in the logs:

  • Network: "TikTok Restricted"
  • Campaign: "TikTok Restricted"

» For more information, see TikTok For Business Attribution Integration.

4. The Data Retention Period Has Passed

Some partners require Singular to mask user-level data after a certain period of time has passed due to user privacy concerns. 

If an install or re-engagement is attributed to one of the following, and an in-app event is triggered after the data retention period has passed, you will see the following details in the user-level event logs:

  • Network: "Organic"
  • Campaign: "Suppressed"
Partner Maximum Data Retention Period
Facebook 6 months
TikTok 6 months
Twitter 6 months
Google Ads 6 months
Snapchat 2 months

Tip: If you are receiving postbacks to your internal BI platform that include conversions and events, you can look into the details internally to understand the original acquisition source for the specific device ID.

Why are there fewer Facebook events/installs in the log than in Singular's aggregate reports?

As of October 2021, Facebook does not allow MMPs such as Singular to display user-level information about any install or event that has been attributed through Facebook's self-attributing API. Therefore, these installs and events are not marked as Facebook's in the Export Logs or postbacks sent to your internal BI. The limitation doesn't apply to aggregated data, so Singular does show information about these installs and events in aggregated reports (i.e., the Reports page, Singular API, etc.).

Note that in addition to the self-attributing API, Facebook has another attribution solution, based on the Android Install Referrer. Installs and events that have been attributed through the install referrer do appear in the export logs.

We encourage you to give Singular the Install Referrer Decryption Keys to your apps so that we can provide you with Install Referrer-based information about Facebook campaigns.

» For more information, see Facebook Ads Attribution Integration.


What is user-level data?

User-level data is the raw data that is logged by Singular's attribution mechanism and fraud protection engine

It contains the details of user activities and attribution-related records, including clicks, conversions, re-engagements, in-app user events, postbacks, fraud decisions, and more.

Singular uses this data to calculate the aggregated data you see in reports (e.g., in the Reports page).

As a customer of Singular's attribution service, you can access the raw user-level data and use it in various ways - for example, to cross-check the data in aggregated reports if you suspect there is a problem.

Example: Log showing user-level event data


How can I access user-level data?

There are three ways to access user-level data:

1. The Export Logs Page (Attribution > Export Logs)

The Export Logs page in the Singular platform lets you manually download user-level data for clicks, installs, re-engagements, in-app events, postbacks, and fraud-related data. The page generates a CSV file.

As a customer, you can download data from the beginning of the previous month. For example, if it's mid-February, you can download data for January 1 and onward.

For options available to Singular partners, see Using the Partner Portal: Export Logs.

2. Data Destinations

Singular's data destinations (ETL) push data from Singular directly to your internal BI platform, data warehouse, or storage service. One of the types of data you can export this way is user-level conversions and events.

» Learn more in the Singular Data Destinations FAQ.

3. Configuring Internal BI Postbacks

If you configure Singular to send postbacks to your internal BI platform, you can receive real-time data about installs, re-engagements, in-app events, and fraud decisions.

» Learn more in the Internal BI Postbacks FAQ.

How do I download user-level data from the Export Logs page?

To export a log:

  1. Go to Attribution > Export Logs.
  2. Choose the relevant date range. You can export logs up to the beginning of last month. We recommend keeping the date range as narrow as possible to avoid going over the record limit per download.
  3. Select the app, the app site, and the type of log you want to export (clicks, installs, events, or postbacks).
  4. Select the fields you want to include by dragging them into the Selected Fields box.


    Ensure you select the device ID field while exporting any logs to get accurate user-level data.

  5. Optionally, you can filter the log by Attributed Partners, Countries, Device ID, and Device Type. For event logs, you can also filter by specific events, and for conversion logs, you can filter by conversion type. We recommend filtering the log as much as possible to avoid going over the record limit.Screen_Shot_2020-12-30_at_19.19.49.png
  6. Select Export Log.


  • Facebook does not allow access to any user-level data based on Facebook's self-attributing API. Any field normally identifying a self-attributed Facebook install is marked as "Unattributed." Note that Facebook also has a separate attribution solution based on the Android Install referrer and installs attributed based on this solution do show up in user-level exports. For more information, see the Facebook Ads Attribution Integration documentation.
  • The date range is limited to up to the beginning of last month for Singular customers. For options available to Singular partners, see Using the Partner Portal: Export Logs.
  • The export is limited to 5M records per request.
  • The logs will provide data up to the last 60 minutes of the current day. Select the real-time data checkbox for the past 60 minutes' data.
  • The Singular database has two distinct time values associated with each record in the logs: the Server Timestamp (reflecting the time in which the event was received by the Singular servers) and the Adjusted Timestamp (reflecting the original time in which the event occurred). This may cause discrepancies between the user-level data and aggregated reports (learn more).

Other Notes

  • The timezone field tells you the timezone set for your Singular account. 
  • The timestamped fields (e.g., touchpoint__timestamp) are exported in your configured timezone. Timestamps based on Unix time (e.g., touchpoint__unix_timestamp) are in the UTC timezone.
  • If you would like to change the list of fields exported by default, or add a request for a new field to be exported, contact your Customer Success Manager.
  • If a network requests user-level fraud data and is not enabled to receive fraud postbacks through Partner Configuration, you can download and share the fraud logs with the network. Singular won't share this data with any network over a support ticket without consent. 
What types of logs can I download?


Includes all clicks that were examined to determine the attribution of an install or re-engagement.


Includes information about installs and re-engagement events, who they were attributed to, and other details about the attribution (e.g., was it deterministic or probabilistic).

Note: The location provided for the conversion event is based on the IP from where it was triggered - not on any location detected internally in your app or any user-provided information. If you have another source of location data for the event, you can check it by reading the passthrough parameter sent by your app to Singular.


Includes data about in-app events, including sessions, registrations, purchases, and any other events that have been defined in the app when integrating the Singular SDK/S2S.
When comparing event logs data against event counts in Reports, make sure to use ACTUAL in Reports instead of a cohort period of 1d,7d,14d, etc. Note that Reports don't show data against Unique events for the ACTUAL period.


Includes data about any postbacks sent by Singular (not just postbacks about attribution decisions). The log includes postbacks to your internal BI (if you've configured them) and to third-party analytics tools.

Tip: When downloading postback logs, make sure you select the Response HTTP Code and Response HTTP Body fields. Response HTTP Code tells you if the postback was delivered successfully. A 200 code means success; other values mean there was an error. When there's an error in sending, Singular retries the postback 5 more times, in intervals of 1, 5, 15, 30, and 60 minutes. The Response HTTP Body may include additional details about the error.

SKAN (SKAdNetwork) Postbacks

Logs of the SKAdNetwork postbacks that Singular received from your ad network partners. These postbacks are only available for iOS apps that use SKAdNetwork tracking and for partners who have a SKAdNetwork integration with Singular that involves forwarding postbacks. Learn more about Singular's SKAdNetwork solution.


The raw output of the Singular Fraud Prevention System.

Note that this log includes a row for every touchpoint (click, impression, etc.) associated with an install event, including a row for the "organic install" option, which is also examined as an attribution option for every install (see The Fraud Detection Process for more information). Therefore, you may see multiple touchpoints rejected for fraud for one single install.

What do the different fields mean?

» For a description of the fields in each log, see Export Logs: Supported Fields.

How do I use the logs to cross-check the installs in my aggregated report?
  1. Run a report in the Reports page (or the Reporting API) showing installs by source and campaign.
  2. In the Export Logs page, choose the Conversions log type and pull the following fields for the same date range:


How long does Singular retain user-level data?

In compliance with integrated partners as well as global standards for user privacy, Singular does not retain user-level data for more than 30 days.