2.5.2 Creating Basic Reports

 

 

Hello. In this video, you will learn how to create simple, a.k.a. ‘basic,’ reports in ACDI.

There are two ways to do this. The first is to find a report that is similar to the report you want to get and then save it as a copy to customize or edit it.

 

The second is to create a report from scratch. Let's do it.

You need to go to the “Manage” submenu, then select “Create New Report.”

 

On this page, fill in all the mandatory attributes. The Display name serves as the report’s name. Here you can select a color for the Report card.

 

The main index name is the name of the source type indices that store the data. Data from snapshots is stored in indices whose names start with “report,” whereas data from events is stored in indices with the prefix “audit”: “audit-default,” “audit-ad,” or “audit-azure.” Let’s assume you want to create a report based on event data from the eDirectory. This means you need to enter “audit-default” as the main index name. Later you will also need to create an entity and select it in this field.

 


 

The “default sort attribute” here will be “Object DN.” Select “Asc” (“Ascending”) for the “Sort order.” Let's set “Amount of records” to 1000. This number represents the number of records you will get in the final table.

 

Pagination will be enabled later. This number is critical only for heavy reports with a large number of attributes that will be displayed in the final table. The “Default time shift” and “Default time metric” are the settings of the default time selector. Let's go for “7 days.”

 

Switch on the “Round day-time value” and set it to “day.”

 

Enabling “Slice load” increases the performance of heavy reports. If you have a huge number of attributes to be displayed in the result table, use the switch here to enable the feature and configure the size of the slice, for example, 10. Hence, the final results table will be loaded 10 pieces at a time.

 


 

Some browsers limit the amount of data they can display on the front end. That's why you need to set a limit here on the data shown on the front end. Let's go for 10 megabytes.

 

Okay, now it’s time to create the first entity.

 

Let’s name it “audit_users” because the report you are creating now will show only users that have been added during the selected time period.

 

The “Query to filter” setting is a query that will help you filter only objects with events you are interested in.

 

For example, you want “Object\Class:User.” Quick note here: Please make sure you always escape spaces in attribute names with a backslash. Let’s finish the settings: “Object\Class:User AND Operation:ADD.”

 

In the “DateTime” field you need to define which field you will use as the DateTime field.

 

All events in the audit indices have two types of dates. One is the audit time, and the second one is the event time.

The difference between them is that the audit time is the time when the driver processes an event. If for some reason the driver loses its connection to OpenSearch, ACDI will store events in the cache, and the audit time in this case may differ significantly from the event time.
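An added example (not part of the original video or of ACDI itself) showing how the choice of DateTime field changes which events land in a 7-day, day-rounded window when cached events are delivered late. The `eventtime` field name, the sample events, and the rounding of the window start to midnight are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events. "audittime" is the field named in the tutorial;
# "eventtime" is an assumed name for the second timestamp.
EVENTS = [
    {"Object DN": "cn=alice,ou=users,o=demo", "Operation": "ADD",
     "eventtime": "2024-05-09T10:00:00+00:00", "audittime": "2024-05-09T10:00:02+00:00"},
    # Occurred during a simulated OpenSearch outage, processed from cache about a week later.
    {"Object DN": "cn=bob,ou=users,o=demo", "Operation": "ADD",
     "eventtime": "2024-04-30T23:15:00+00:00", "audittime": "2024-05-08T06:40:00+00:00"},
    {"Object DN": "cn=carol,ou=users,o=demo", "Operation": "ADD",
     "eventtime": "2024-05-01T08:00:00+00:00", "audittime": "2024-05-01T08:00:01+00:00"},
]

def window_start(now, days=7, round_to_day=True):
    """Start of the report window: now minus `days`, optionally cut to midnight (assumed rounding)."""
    start = now - timedelta(days=days)
    return start.replace(hour=0, minute=0, second=0, microsecond=0) if round_to_day else start

def in_window(events, field, now, days=7):
    """Object DNs whose `field` timestamp falls inside the window."""
    start = window_start(now, days)
    return [e["Object DN"] for e in events
            if start <= datetime.fromisoformat(e[field]) <= now]

def delayed(events, max_lag=timedelta(minutes=5)):
    """Events whose audit time trails the event time by more than `max_lag`."""
    out = []
    for e in events:
        lag = datetime.fromisoformat(e["audittime"]) - datetime.fromisoformat(e["eventtime"])
        if lag > max_lag:
            out.append((e["Object DN"], lag))
    return out

NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

if __name__ == "__main__":
    print("by audittime:", in_window(EVENTS, "audittime", NOW))
    print("by eventtime:", in_window(EVENTS, "eventtime", NOW))
    for dn, lag in delayed(EVENTS):
        print("delayed:", dn, lag)
```

The late-delivered event is counted in the audit-time window even though it happened before the window opened, which matters when a report is read as a timeline of when users were actually created.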

 

Here you want to use “audittime.” For this entity, you need to use the entity index “main” as a source. The “Primary key” for the event attributes will be “Object DN” (object name) or any other you want to use in the report.

 

This report is a simple one, so for now you don’t want to go for any secondary entities and mandatory attributes. A mandatory attribute is a way to filter objects that have at least one value of the selected attribute name.

 

Here you see that you will get only events that have at least one attribute value.

 

Now let's go back to the “Report properties” and select the main entity.

 

Done. The base for your report is ready. You can now save everything.

 

It's time to define filters and result attributes you want to get in the final table. Let's go to “Filters” and add a few.

 

So, let’s assume you want a filter on the object name. The “ID of the Filter” will be “object_name.”

 

In this field, you need to select this entry from the selector. You will learn about the rest of the settings in the following video.

 

Here you use “keyword” as the source, and the entry in the “Sort attribute” will be the same as in the “Attribute Name filter based on.”

 

Let’s save the settings.

 

Let's now check the “Result Table Attributes” and add some there.

 

Enter the “Name of the Attribute” – “Object Name.”

 

Then select the entity.

 

You can change the name of the attribute to whatever you want – it’s customizable. Let's now use “User Name.”

 

Ok, you want to see all values of all attributes of created users. Let’s fill out the fields accordingly and save the settings.

 

You also need audit time. Click “Save.” Let’s check the report.

 

For this, you need to go to “Reports” and refresh the load results.

 

Here you see your report has appeared in a list of reports. Let’s load it.

 

Here you can see that over seven days there were around 41,000 users added to the system.

 

The test object was prepared, the filter is selected, and you can see that there's one event with 8 attributes for this user.

 

Let's run the report. Here are the results. Here are the username, attribute, value, and the time when this user was added.

 

So this was a basic report. In the following video, you will learn about all the features that the ACDI reporting system contains. Thank you for your attention and take care.

Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch