Dashboards Using Audit Logs

Nazeer
8 - Cloud Apps

Hi Team,

I need to create a cube using audit logs. Can someone help me with how we can connect the logs with Elastic cubes?

https://documentation.sisense.com/docs/audit-logs

Thanks

Nazeer 

1 ACCEPTED SOLUTION

KatieG
Sisense Team Member

Hi Nazeer,

The audit logs are located in /opt/sisense/storage/audit
These logs will rotate every 24 hours or when the max file size has been reached:

KatieG_0-1649186117448.png

I've attached a sample model that could be used to get started.

To create the connection from scratch, create an elasticube and add the data as CSV
Choose "Server Access"
Add the input folder path as /opt/sisense/storage/audit
And toggle on "Union Selected"

KatieG_1-1649192149170.png

Select the checkbox next to the file name then hit preview to edit the fields

KatieG_2-1649192251234.png

Toggle off the "First Row Contains Field Names" and set the Delimiter to "None"

KatieG_3-1649192372955.png

Then click 'Done'

This process results in one long string per row. Using custom columns, we can parse the contents of the string into timestamps, users, actions, and action objects.

KatieG_0-1649192825159.png

An example of a dashboard:

KatieG_1-1649192840731.png

Hope that helps!

Katie G | Sisense Pre-Sales Solutions Architect


3 REPLIES 3

Nazeer
8 - Cloud Apps

Great, thanks for the help, but how can I automate fetching the daily files into the cube?

Will that "Union Selected" help me in doing that?

Nazeer

KatieG
Sisense Team Member

Hi @Nazeer, using the "Union Selected" option on the data connection screen will UNION all of the files in that folder path together, so you don't need to worry about adjusting the connection each day; it will pull all files.

KatieG_0-1649683521517.png

Keep in mind that the default setting is 30 days of data. This can be adjusted to longer periods of time, but if you need to keep, for example, 6 months or more of audit data, we recommend either:

  • Create a copy task to copy these files to another location for long term storage 
    -OR-
  • Use this API to download the audit data: GET /api/v2/audit

Hope that helps!

Katie G | Sisense Pre-Sales Solutions Architect
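
The copy task suggested in the reply above could look like the following. This is an added example, not code from the thread or from Sisense. The function name `archive_audit_logs` and the archive path `/mnt/audit-archive` are hypothetical, and it assumes audit files are only ever appended to. It never deletes from the archive, and it keeps the old copy if a file name is reused with different content.

```shell
#!/bin/sh
# Added example: copy task for long-term retention of Sisense audit logs.
# Not Sisense-provided code. Schedule it (cron, systemd timer) more often
# than the retention window so no file ages out before it is archived, e.g.:
#   archive_audit_logs.sh /opt/sisense/storage/audit /mnt/audit-archive
# (/mnt/audit-archive is a hypothetical destination.)

# archive_audit_logs SRC DEST
# Copies every regular file in SRC to DEST and never deletes from DEST.
# A file that only grew since the last run is refreshed in place; a file
# whose name was reused with different content is kept under a new name.
archive_audit_logs() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "source folder missing: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        target="$dest/$name"
        if [ -f "$target" ]; then
            cmp -s "$f" "$target" && continue      # already archived, unchanged
            old_size=$(wc -c < "$target" | tr -d ' ')
            if ! head -c "$old_size" "$f" | cmp -s - "$target"; then
                # Source is not a continuation of the archived copy:
                # preserve the archived records under a timestamped name.
                mv "$target" "$target.$(date +%Y%m%dT%H%M%S).$$" || return 1
            fi
        fi
        # Copy to a temporary name, then rename, so a reader of the archive
        # never sees a partially written file.
        cp -p "$f" "$target.tmp.$$" && mv "$target.tmp.$$" "$target" || return 1
    done
}

# Run only when invoked as a script with both paths given.
if [ "$#" -eq 2 ]; then
    archive_audit_logs "$1" "$2"
fi
```

If the ElastiCube should cover the full history, its CSV connection would need to point at the archive folder instead of the live audit folder.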