Skip to end of banner
Go to start of banner

2.5.2 Creating Basic Reports

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

  • Customization of existing dashboard

Hello. In this video, you will learn how to create simple, a.k.a. ‘basic,’ reports in ACDI.

There are two ways to do this. The first is to find a report that is similar to the report you want to get and then save it as a copy to customize or edit it.

The second is to create a report from scratch. Let's do it.

You need to go to the “Manage” submenu, then select “Create New Report.”

On this page, fill in all the mandatory attributes. The Display name serves as the report’s name. Here you can select a color for the Report card.

The main index name is the name of the source type indices that store data. Data from the snapshots are stored in indices with the name starting with “report” when data from events are stored in indices with the prefix audit: “audit-default,” “audit-ad,” or “audit-azure.” Let’s assume you want to create a report based on event data from the eDirectory. This means you need to enter “audit default” as the main index name. Later you will also need to create an entity and select it in this field.

Later you will also need to create an entity and select it in this field.

The “default sort attribute” here will be “Object DN.” Select “Asc” (“Ascending”) for the “Sort order.” Let's set “Amount of records” to 1000. This number represents the number of records you will get in the final table.

Pagination will be enabled later. This number is critical only for heavy reports with a large number of attributes that will be displayed in the final table. The “Default time shift” and “Default time metric” are the settings of the default time selector. Let's go for “7 days.”

Switch on the “Round day-time value” and set it to “day.”

When enabling the “Slice load,” you increase the performance of heavy reports. If you have a huge number of attributes to be displayed in the result table, use the switcher here to enable the feature and the configure size of the slice, for example, 10. Hence, the final results table will be loaded 10 pieces at a time.

Hence, the final results table will be loaded 10 pieces at a time.

Some browsers have limits on data they can display on their front end. That's why you need to set a data limit here to show on the front end. Let's go for 10 megabytes.

Okay, now it’s time to create the first entity.

Let’s name it “audit_users” because the report you are creating now will show only users that have been added during the selected time period.

The “Query to filter” setting is a query that will help you filter only objects with events you are interested in.

For example, you want “Object\Class:User.” Quick note here: Please make sure you always enclose spaces in attribute names with a backslash. Let’s finish the settings: “Object\Class:User AND Operation:ADD.”

In the “DateTime” field you need to define which field you will use as the DateTime field.

All events in the audit indices have two types of dates. One is the audit time, and the second one is the event time.

The difference between them is that the audit time is the time when the driver processes an event. If for some reason the driver loses connection to Opensearch, ACDI will store events in the cache. And the audit time in this case may significantly differ the from event time.

You want to use here “audittime.” For this entity, you need to use the entity index “main” as a source. The “Primary key” for the event attributes will be ‘Object DN” (object name) or any other you want to use in the report.

This report is a simple one, so for now you don’t want to go for any secondary entities and mandatory attributes. Mandatory attribute is a way to filter objects that have at least one value of the selected attribute name.

Here you see that you will get only events that have at least one attribute value.

Now let's go back to the “Report properties” and select the main entity.

Done. The base for your report is ready. You can now save everything.

It's time to define filters and result attributes you want to get in the final table. Let's go to “Filters” and add a few.

So, let’s assume you want a filter on the object name. The “ID of the Filter” will be “object_name.”

In this field, you need to select this entry from the selector. You will learn about the rest of the settings in the following video.

Here you use “keyword” as the source and the entry in the “Sort attribute” will be the same as in the “Attribute Name filter based on.”

Let’s save the settings.

Let's now check the “Result Table Attributes” and add some there.

Should you have any questions or require any assistance, please do not hesitate to contact us at any time swsupport.skypro@skypro.ch

  • No labels