...
To brows thru audit indexes to find out the valid attribute names you can either use:
- use the Audit Dashboard
- search thru the audit index using the elasticsearch browser based URL interface
...
Open the default Audit Dashboard and scroll to the table at the bottom of the dashboard. Open one of the events where attribute "Event" is equal "true" using the triangle at the very left of the event row. You'll see all attributes, that are available for an event:
...
Browse audit-default index with
...
Elasticsearch URL interface
You can also look into audit-default report indexes using browser URLs. e.g. to look into the audit-default-2022.05.10 index enter the following command depending on your serves IP or URL and port:
...
The result will look similar to the screen below. Each entry begins with "_index" and the name of the index. Attributes will start after "_source" and are marked red.
For report indexes
To brows thru report indexes to find out the valid attribute names you can use one of the following methods:
- use the History Browser
- search thru the report index using the elasticsearch browser based URL interface
History Browser
Go to the Object Browser and select a report index. Browse thru the tree and the objects you want to know the attributes names. e.g open a user you'll see its attributes:
All bold lines are names of user attributes.
Browse report-default index with Elasticsearch URL interface
For report indexes
You can also look into report-default indexes using browser URLs. e.g. to look into the report-default-2022.04.12 index enter the following command depending on your serves IP or URL and port to search for cn=afuhrmann
https://<server URL or IP>:<port>/elasticsearch/report-default-2022.04.12/_search?pretty&q=cn:afuhrmannThe result will look similar to the screen below. Each entry begins with "_index" and the name of the index. Attributes will start after "_source" and are marked red.
You'll find all attributes the the searched object.
Alias (and view options for field)
...