Hi @amenocal, you did not make a mistake, the GraphQL Audit Log feature is far from complete in terms of events covered in comparison to audit events in the GUI, so in practise does not allow you keep copies of your audit log data (all events) and monitor as inferred in the product documentation. It is also complicated as you need to write code to query specific data fields related to events to make them useful as well.
You will find a list of the limited audit events available in GraphQL at this link Interfaces - GitHub Docs
Whilst the GraphQL will not go away you can expect the future for pulling complete audit log data that would allow you keep copies of your audit log data (all audited events) and monitor will be via the new REST API feature https://github.blog/changelog/2020-12-10-audit-log-git-events-and-rest-api-now-available-in-limited-public-beta.
[Reviewing the audit log for your organization - GitHub Docs](https://audit log for your organization using the rest api).
In addition to git audit events being visible in the REST API Audit log, it also contains all the events you can see in the GUI, it does not currently provide these in ascending order (which is more appropriate for a pull process to allow you to keep copies of your audit data), but I have requested this.
There is nothing in the public roadmap as yet but customers have also asked push/stream type models for audit log data, so its something being looked at by GitHub. I am also hopeful that smaller items where an audited event may be missing, or missing some relevant data for the event may be remedied quicker as 2021 progresses.