tigera · ctauchen · Jan 12, 2026 · Jan 7, 2026 · Jan 7, 2026 · Jan 7, 2026
@@ -75,7 +75,7 @@ You can find links to these preview builds as comments from Netlify.
 * Deploy preview. A full build with our production configuration.
 * Deploy preview for _calico-docs-preview-next_. This builds the site based on the current state of our unversioned development directories:
   * `calico/`
-  * `calico-enteprise/`
+  * `calico-enterprise/`
   * `calico-cloud/`
 
 If you're making changes to an upcoming version of any of the products, review your changes in _calico-docs-preview-next_.

@@ -0,0 +1,59 @@
+---
+description: Learn how to use Policy Activity Logs to gain visibility into policy and rule activity.
+---
+
+# Policy Activity Logs
+
+:::note
+
+This feature is tech preview. Tech preview features may be subject to significant changes before they become GA.
+
+:::
+
+## Big picture
+
+Policy Activity Logs provide granular visibility into network policy behavior within your cluster.
+
+## Value
+
+Track exactly which rules are evaluated and triggered, offering policy-centric context that complements standard Flow Logs.
+
+## How it works
+
+- **Collection**: The Calico Enterprise automatically monitors policy and rule evaluations across your cluster.
+- **Storage**: These events are securely forwarded and indexed in your Elasticsearch cluster for analysis.
+- **Analysis**: You can query the logs to audit network policy and rules and validate policy enforcement history.
+
+## Accessing the data
+
+You can access Policy Activity Logs by querying Elasticsearch directly or visualizing them in Kibana (if configured).
+
+### Log structure
+
+Each log entry contains the following key fields:
+
+| Field             | Description                                                                                  | Example                          |
+| ----------------- | -------------------------------------------------------------------------------------------- | -------------------------------- |
+| `policy.kind`     | The type of the policy (e.g., `NetworkPolicy`, `GlobalNetworkPolicy`).                       | `NetworkPolicy`                  |
+| `policy.namespace`| The namespace where the policy is defined.                                                   | `my-test`                        |
+| `policy.name`     | The unique name of the policy.                                                               | `my-tier.my-networkpolicy`       |
+| `rule`            | The identifier for the specific rule that was triggered, formatted as `{generation}-{direction}-{rule_index}`. | `2-ingress-4`  |
+| `cluster`         | The name of the cluster where the activity occurred.                                         | `cluster`                        |
+| `last_evaluated`  | The timestamp when the rule was last evaluated.                                              | `2025-12-01T23:09:28.384714204Z` |
+
+### Sample query in Elasticsearch
+
+To find policies unused for 90 days:
+
+```
+GET tigera_secure_ee_policy_activity*/_search
+{
+  "query": {
+    "range": {
+      "last_evaluated": {
+        "lte": "now-90d"
+      }
+    }
+  }
+}
+```
@@ -392,6 +392,7 @@ module.exports = {
               link: { type: 'doc', id: 'observability/elastic/l7/index' },
               items: ['observability/elastic/l7/configure', 'observability/elastic/l7/datatypes'],
             },
+            'observability/elastic/policy-activity',
             'observability/elastic/troubleshoot',
           ],
         },