Forum Discussion

Nazeer's avatar
Nazeer
Cloud Apps
04-04-2022
Solved

Dashboards Using Audit Logs

Hi Team, I need to create a cube using Audit logs, can someone help me with how we can connect Logs with Elastic cubes https://documentation.sisense.com/docs/audit-logs Thanks Nazeer 
Code-first Analytics
Technology
  • KatieG's avatar
    KatieG
    04-05-2022

    Hi Nazeer,

    The audit logs are located in /opt/sisense/storage/audit
    These logs will rotate every 24 hours or when the max file size has been reached:

    I've attached a sample model that could be used to get started.

    To create the connection from scratch, create an elasticube and add the data as CSV
    Choose "Server Access"
    Add the input folder path as /opt/sisense/storage/audit
    And toggle on "Union Selected"

    Select the checkbox next to the file name then hit preview to edit the fields

    Toggle off the "First Row Contains Field Names" and set the Delimiter to "None"

    Then click 'Done'

    This process results in one long string per row. Using custom columns, we can parse the contents of the string into timestamps, users, actions, and action objects.

    An example of a dashboard:

    Hope that helps!

KatieG's avatar
KatieG
Sisense Employee
04-05-2022

Hi Nazeer,

The audit logs are located in /opt/sisense/storage/audit
These logs will rotate every 24 hours or when the max file size has been reached:

I've attached a sample model that could be used to get started.

To create the connection from scratch, create an elasticube and add the data as CSV
Choose "Server Access"
Add the input folder path as /opt/sisense/storage/audit
And toggle on "Union Selected"

Select the checkbox next to the file name then hit preview to edit the fields

Toggle off the "First Row Contains Field Names" and set the Delimiter to "None"

Then click 'Done'

This process results in one long string per row. Using custom columns, we can parse the contents of the string into timestamps, users, actions, and action objects.

An example of a dashboard:

Hope that helps!