The Report Editor is a fantastic tool for creating customized reports for audit data as well as for snapshot data. But you have to understand its basic logic and its settings. Otherwise you'll be trapped in trial and error.

Reporting (general parameters)

Display Name

Defines the name of the report as it will appear in the Reporting selection box.

Regex Filter for Index selection

Defines the regular expression that is applied to find the Elasticsearch index used as the base for the report. If you search for the Elasticsearch indexes that are generated by default by the audit driver or the snapshot service, you will find the following indexes using the browser-based URL interface of Elasticsearch:

In the row "index" you see the two base indexes to use for reports:

  • "audit-default-yyyy.mm.ss" created daily by the audit driver
  • "report-default-yyyy.mm.ss" created by the snapshot service each time it runs

"^audit" means: select all indexes that start with "audit". So in this example all available audit indexes will be used for the report.

Index Rename Javascript

This field contains a JavaScript function that defines how the index name will be presented in the index selection list when creating the report. The function says: take the name of the index starting with the 7th character and replace all "-" with a blank " ". So the real name of the index "audit-default-2022.05.10" will appear as "default-2022.05.10" in the selection list.

Sort Fieldname

Defines the attribute that is used to sort the report. The field does not need to be set as a field on the report!

Sort Direction

Defines the sorting order ascending (asc) or descending (desc) for the sort fieldname defined above.

Fields (to retrieve data from)

In this section you define all fields you want to place on your report based on the index you have defined above. To find the valid attribute names for the different indexes you can use the following methods:

For audit indexes

To browse through audit indexes to find the valid attribute names you can either:

  • use the Audit Dashboard
  • search through the audit index using the Elasticsearch browser-based URL interface

Audit Dashboard

Open the default Audit Dashboard and scroll to the table at the bottom of the dashboard. Open one of the events where the attribute "Event" equals "true" using the triangle at the very left of the event row. You'll see all attributes that are available for an event:

Browse audit-default index with Elasticsearch URL interface

You can also look into audit-default indexes using browser URLs. For example, to look into the audit-default-2022.05.10 index, enter the following URL, adjusted for your server's IP or URL and port:

https://<server URL or IP>:<port>/elasticsearch/audit-default-2022.05.10/_search?pretty

The result will look similar to the screen below. Each entry begins with "_index" and the name of the index. Attributes will start after "_source" and are marked red.

For report indexes

To browse through report indexes to find the valid attribute names you can use one of the following methods:

  • use the History Browser
  • search through the report index using the Elasticsearch browser-based URL interface

History Browser

Go to the Object Browser and select a report index. Browse through the tree to the objects whose attribute names you want to know. For example, open a user and you'll see its attributes:

All bold lines are names of user attributes.

Browse report-default index with Elasticsearch URL interface

You can also look into report-default indexes using browser URLs. For example, to look into the report-default-2022.04.12 index and search for cn=afuhrmann, enter the following URL, adjusted for your server's IP or URL and port:

https://<server URL or IP>:<port>/elasticsearch/report-default-2022.04.12/_search?pretty&q=cn:afuhrmann

The result will look similar to the screen below. Each entry begins with "_index" and the name of the index. Attributes will start after "_source" and are marked red.

You'll find all attributes of the searched object.
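
An added example (not part of the original page or of the product): a JavaScript function that pulls the distinct attribute names out of a _search response for the indexes matching a regex such as "^audit". The sample response is constructed, and all field names in it except "Event" and "cn" are invented; nested objects are reported as dotted paths, which is how Elasticsearch addresses fields inside objects.

```javascript
// Added example. The response below is constructed; field names other than
// "Event" and "cn" are invented for illustration.
const sampleResponse = {
  hits: {
    hits: [
      {
        _index: "audit-default-2022.05.10",
        _source: {
          Event: "true",
          timestamp: "2022-05-10T08:15:00Z",
          target: { dn: "cn=afuhrmann,ou=users,o=data" },
        },
      },
      {
        _index: "audit-default-2022.05.10",
        _source: { Event: "false", message: "driver started" },
      },
      {
        _index: "report-default-2022.04.12",
        _source: { cn: "afuhrmann", sn: "Fuhrmann", groups: ["staff"] },
      },
    ],
  },
};

// Record every leaf attribute of a _source object as a dotted path.
function collectPaths(value, prefix, out) {
  if (value !== null && typeof value === "object" && !Array.isArray(value)) {
    for (const [key, child] of Object.entries(value)) {
      collectPaths(child, prefix ? `${prefix}.${key}` : key, out);
    }
  } else if (prefix) {
    out.add(prefix);
  }
}

// Sorted attribute names of all hits whose _index matches the pattern
// (the same kind of expression as the index regex filter, e.g. "^audit").
function attributeNames(response, indexPattern) {
  const re = new RegExp(indexPattern);
  const names = new Set();
  for (const hit of (response.hits && response.hits.hits) || []) {
    if (re.test(hit._index) && hit._source) collectPaths(hit._source, "", names);
  }
  return [...names].sort();
}

console.log(attributeNames(sampleResponse, "^audit"));
console.log(attributeNames(sampleResponse, "^report"));
```

To use it on real data, save the JSON returned by one of the _search URLs above and pass the parsed object in place of sampleResponse.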

Alias (and view options for field)

Filter (definitions)

Filter definitions let you filter the data for your report. BUT there are two completely different types of filters that have different purposes:

  • hidden filters
  • select filters

Hidden Filters

Hidden filters do not show up in the filter selection when generating the report. So hidden filters have NO EFFECT on select filters even if you make select filters dependent on hidden filters!

Select Filters

Select filter types are:

  • search
  • select
  • selectsearch
  • selectperiod
  • selectrange

Select filters are shown in the filter selection when generating the report. Only select filters can be made dependent on other select filters.

Please check the following section for instructions to the report editor.
