Hello. In this video you will learn about all options and settings in ACDI Reporting – what they mean and what they can influence.
Let's go to "Manage", then "Report Editor" and select a report, for example, the NetIQ Role Request report.
This is a complex report that has many entities, linkages, and all kinds of filters as well as enabled postprocessing. Let's start from "Report properties".
So, in this tab you can define "The Report ID", "Display Name", and "Description".
The entries from the applied settings will be displayed on a report's card. Here you can see it.
You can also add a Base64-encoded .png icon and it will be shown in the card. Additionally, you can define the background color and "The report version". The default version of the reporting system is 4 (the latest one).
Tags can also be added. With tags you will be able to filter reports and put them into custom reports submenus.
One of the most important settings is "The Main index name".
The data in ACDI is stored in different kinds of indices grouped by special aliases. Aliases starting with "workflow" contain events received from the eDirectory Workflow Monitoring package, while indices starting with "report" contain data received from the snapshot services.
"Default" stands for the first, default connector, which is eDirectory. You can also have an Active Directory connection or some secondary data connectors. In that case the suffix here is the name of your LDAP connection.
You can check the suffix of your current connection in "Administration" – "Core Engine".
Here you'll see the list of connections. Each connection has its own indices settings.
The indices settings are to be found in "Audit Server" - "Indices settings".
Here are two connections, and in their settings you can check the main alias for the snapshot services and for the event-related service.
Reports with the prefix "audit" contain the audit data received either from the eDirectory ACDI driver or from the Event Service for Active Directory. Indices with this alias contain information about events, changes of objects in eDirectory or Active Directory.
Okay, the entity here, which will be used as the main one, can be defined only when you create at least one entity in the "Entities" tab. This main entity serves as the root of all reports.
Next are "Default sort attribute" and "The Sort order" (ascending or descending). Here you define the number of objects which will be displayed on the page. It's required for the pagination. And here you can enable or disable the "Show Flat result" option. You can learn more about this option in our previous videos.
"The default time shift" can be set in the following units: days, weeks, months, and years. "Days" is the default time shift, which will be applied to the date picker in the filtering stage.
Here are "Round date-time value", "The default round date-time metric" and "The Slice load". If you have a report that includes many secondary entities, needs to display a large number of attributes with long strings, and has many post-processing functions to transform results, then you will benefit from "The Slice load" option, which increases performance and prevents the reporting system from crashing. With this option enabled, records are loaded into the resulting table in batches whose size you define in the setting right next to this one. Moreover, you can also limit the size of the data shown on the front end, since some browsers don't process large amounts of data on the front end.
Let's go to the second tab, "Entities".
"Entities" is a powerful tool that allows you to link objects not only from different types of indices but also from different indices. For example, you can link snapshots from eDirectory and Active Directory, or link data from snapshots with data from events, from event changes, and so on.
Each entity can be configured in different ways. Let's go through all of them. The first one is "Name of the entity." The second one is "Query to filter," which allows you to filter results for these objects. The "Advanced filter" can be turned on or off. It will be updated in later ACDI versions.
Here is "The DateTime field": for data from snapshots it can be either "initDateStamp" or just "DateStamp." The difference is that "initDateStamp" is the moment when the snapshot was started, while "DateStamp" is the exact time when the snapshot of this object was taken. It's recommended to use "initDateStamp" for the snapshot-based entities. For entities based on audit events, you can select either "audittime" or "eventtime" in "The DateTime field."
You can use the alias "main" to refer to the main index name/alias you've defined in the "Report properties," or you can input the index name/alias here directly. In this case, when you use "main", you automatically set the source alias to the "report-default" indexes. So, these two options here are equal.
The next setting is "Entity primary key." Usually, it's "dn" or "guid."
Also, in ACDI there is an additional option to filter out objects that do not have at least one value of attributes entered as mandatory. Later you can filter out these results from the search and from the result table. The option can be turned on or off in the "Filters" and "Result Table Attributes" tabs.
Moreover, a major option is "The relations" (between entities). You can observe these relations on a report graph where they are depicted with yellow arrows.
In this option, you define the following settings: "Source Attribute," "The relation type" (one or many), and "The link query type," which is used to link entities. The link can be a strict match, or you can use a regular expression (regex). More detailed information can be found in the OpenSearch Lucene syntax documentation.
Here you can apply one of the post-processing functions to parse the value you need.
With this switcher, you enable or disable the post-processing option. You can also enable linking entities by exact date_time values to get results, for example, only from the same snapshot.
For "The Destination Entity" you need to define an entity from a secondary link, and then set "Destination Attribute" together with "The relationship type."
Let's take a closer look at this example by opening one of the requests in the History Browser. You can find the attribute "nrfsourcedn" and see it contains the direct DN of a role.
It has the same format as the role attribute DN. In this case, you don't need to do any transformations.
Let's assume you want to link requests with a list of approvers. The DN of approvers is located inside of an XML file, and thus you need to use a post-processing function to parse it. The next step is to paste it and use it as a link from one side. So, you must create a regular expression on the other side.
You can see that from the side of requests the "term" query is used, and the "regex" query is used to link secondary entities with the primary/main one. Additionally, the post-processing option is enabled to transform and parse values from the attribute you defined as a link. Let's go to "Filters."
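The two link directions described above, as an added Python example that is not taken from ACDI or from the video: the XML layout, the field name "approverXml" and the sample DNs are constructed assumptions, and only the OpenSearch "term" and "regexp" query shapes are standard. It shows why the DN must be escaped before it goes into the regex side: Lucene patterns are anchored, and an unescaped "." also matches look-alike DNs.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample values; the real XML layout and field names are assumptions.
APPROVER_XML = ("<approvers><approver><dn>cn=j.doe,ou=users,o=data</dn></approver>"
                "<approver><dn>cn=asmith,ou=users,o=data</dn></approver></approvers>")
LOOKALIKE_XML = "<approvers><approver><dn>cn=jxdoe,ou=users,o=data</dn></approver></approvers>"

# Characters with special meaning in Lucene regular expressions.
LUCENE_REGEX_RESERVED = set('.?+*|{}[]()"\\#@&<>~')


def extract_dns(xml_value):
    """Post-processing step: pull every approver DN out of the XML value."""
    root = ET.fromstring(xml_value)
    return [el.text.strip() for el in root.iter("dn") if el.text and el.text.strip()]


def escape_lucene_regex(value):
    """Backslash-escape reserved characters so the DN is matched literally."""
    return "".join("\\" + ch if ch in LUCENE_REGEX_RESERVED else ch for ch in value)


def term_link(field, dn):
    """Request -> approver: exact match on the parsed DN."""
    return {"term": {field: dn}}


def regexp_link(field, dn):
    """Approver -> request: the pattern must cover the whole value, so wrap it in .*"""
    return {"regexp": {field: {"value": ".*" + escape_lucene_regex(dn) + ".*"}}}


def would_link(dn, attribute_value, escape=True):
    """Local approximation of the anchored regexp match, using Python's re."""
    body = escape_lucene_regex(dn) if escape else dn
    return re.fullmatch(".*" + body + ".*", attribute_value, re.DOTALL) is not None


if __name__ == "__main__":
    for dn in extract_dns(APPROVER_XML):
        print(term_link("dn", dn))
        print(regexp_link("approverXml", dn))
```
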
In ACDI there is a plethora of basic filters. Let's go through all of them.
This is how the filters look when you run a report.
One of the filters is for the datetime strings. Let's see what a value for the attribute "nrfStartDate" looks like.
Here is a request from the History Browser found beforehand so you can check the value. You see here that it is a string with format year, month, date, hour, minutes, seconds, and time zone.
Hence, you need to select the "date_time" here and define a few settings, namely, "The DateTime Format Pattern" and "Type of DateTime field" – here it's either "date" or "date_string." The "Direction of dateTime shift" setting must be set to "last" or "next" and "Default time shift from now" is 7 days (set by default).
There is a nuance when using these filters: until you apply them, none of the objects will be affected. To apply a filter, you need to click an option, either from or to, and then click the "Apply" icon.
Let's now discard filters. To discard filters, you need to click the "Clear all" icon.
The other filter type is "autocomplete_search". This is a standard filter where you can enter any value and get results from which you can select the options you need.
The last filter type is the predefined one. You can find an example of this filter in the NetIQ Audit Driver Status report.
Choose whether to use results from OpenSearch or the predefined values.
Then you select "predefined" here in this setting, and in the last filter setting you need to define a JSON array which will be used as a source for the predefined data.
It looks the same as a standard autocomplete search, but it will only have the values you entered as the data source.
Now let's go through all the settings you can define for filters.
The first one is "Name of the Filter." You can see it in the label of a filter.
Here is also "ID of the Filter" which is displayed in the label of a filter, and you are able to find it in a Report Graph. It's used to link filters with entities. Make sure you keep it unique.
The third option, "Entity filter belong to," is a selector for the entities to which the filter will be applied.
"Data source name" - it's either a search from OpenSearch or the predefined data.
Here you define the data attribute name that will be used for filtering. Please take into account that this setting is case-sensitive.
"The Attribute field type" setting is for attributes that have a string type. Here we have "keyword" by default. The difference between "field" and "keyword" is the type of search used to implement this filtering. More detailed information about this difference can be found in the OpenSearch documentation.
Next are "Sort Attribute" and "The Sort order." Here are "Additional Attributes," which you may need later in post-processing.
In this setting you select the filter type: "autocomplete_search" or "date_time."
You see here switchers for multiple settings that define the behavior of your filter. The "Filter multiple selection" setting is responsible for how the search works: "start," "between," "end," or a regular expression that matches the characters you enter in the search field.
Here you can enable the "Case-sensitive search" option. "Delay to start autocomplete search" refers to the delay between the time you start typing and the actual search. The "Collapse result" option has an impact on performance, but take into account that it works only for single-value attributes. The remaining options are "Filter out all identical values," "Filter out all empty values," and the last option, which filters out entities that don't have the mandatory attributes you defined in "Entities."
This is a default behavior. Later, when you are in the filtering stage, you will be able to update these options from the web interface but your changes won't be saved for all reports. It will only work for one operation within the report.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch