02/03/2023 08:11 AM
Hi,
We are trying to integrate Saviynt with Splunk and looking for queries for the following scenarios
It would be a great help if I could get the queries or the tables that I need to look at to build these queries.
Thanks,
VK.
02/03/2023 08:44 AM
I believe that you are designing a solution to consume Saviynt data into Splunk by invoking Saviynt Analytics via API calls.
For the first bullets (HR events and task failures), please refer to the following documentation, which provides the table schema information. You can use the Data Analyzer option to create queries and test them; if you get desirable results, you can then use that query to create the run time analytics. Once the run time analytics is created, you can use Saviynt analytics fetchRuntimeControlsData (or fetchRuntimeControlsDataV2, based on the Saviynt version) to get Saviynt Analytics data.
Regarding the third bullet - the system logs or application logs are not stored in the database, so there is no Analytics that can fetch log level information.
02/03/2023 11:42 AM
Terminated : SELECT USERNAME, FIRSTNAME, LASTNAME, EMAIL, OWNER, CASE STATUSKEY WHEN '0' THEN 'INACTIVE' WHEN '1' THEN 'ACTIVE' END AS USERSTATUS, UPDATEDATE as Updateddate, DEPARTMENTname as 'DEPARTMENT' FROM USERS WHERE UPDATEDATE > DATE_SUB(CURDATE(), INTERVAL 30 DAY) AND STATUSKEY = 0;
New : SELECT USERNAME, FIRSTNAME, LASTNAME, EMAIL, OWNER, CREATEDATE, CASE STATUSKEY WHEN '0' THEN 'INACTIVE' WHEN '1' THEN 'ACTIVE' END AS USERSTATUS, U.DEPARTMENTname as 'DEPARTMENT' FROM USERS U WHERE CREATEDATE > DATE_SUB(CURDATE(), INTERVAL 30 DAY) AND U.STATUSKEY = 1;
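Added example, not part of any post in this thread and not Saviynt or Splunk code: once rows from the "Terminated" query have been fetched through the analytics API, this sketch wraps each row in a Splunk HTTP Event Collector (HEC) event and sets the event time from `Updateddate`, so the termination is indexed at the time of the HR change rather than the time of the poll. Assumptions: rows arrive as dictionaries keyed by the query's column aliases, dates are MySQL-style `YYYY-MM-DD HH:MM:SS` strings in UTC, and the sourcetype name `saviynt:analytics` is hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample rows shaped like the "Terminated" query output above
# (column aliases come from that query; all values are invented).
SAMPLE_ROWS = [
    {"USERNAME": "jdoe", "FIRSTNAME": "Jane", "LASTNAME": "Doe",
     "EMAIL": "jdoe@example.com", "OWNER": "mgr1", "USERSTATUS": "INACTIVE",
     "Updateddate": "2023-02-01 10:15:00", "DEPARTMENT": "Finance"},
    {"USERNAME": "asmith", "FIRSTNAME": "Al", "LASTNAME": "Smith",
     "EMAIL": "asmith@example.com", "OWNER": "mgr2", "USERSTATUS": "INACTIVE",
     "Updateddate": None, "DEPARTMENT": "IT"},
]


def to_epoch(value):
    """Parse an assumed UTC 'YYYY-MM-DD HH:MM:SS' string; None if missing or invalid."""
    try:
        dt = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except (TypeError, ValueError):
        return None
    return dt.replace(tzinfo=timezone.utc).timestamp()


def to_hec_event(row, time_field, sourcetype="saviynt:analytics"):
    """Wrap one analytics row in a Splunk HEC event envelope."""
    event = {"sourcetype": sourcetype, "event": row}
    epoch = to_epoch(row.get(time_field))
    if epoch is not None:
        # Without "time", Splunk stamps the event with the ingestion time,
        # which would hide how long ago the account was actually changed.
        event["time"] = epoch
    return event


def to_hec_batch(rows, time_field):
    """Build one POST body: HEC accepts several event objects concatenated."""
    return "\n".join(
        json.dumps(to_hec_event(r, time_field), sort_keys=True) for r in rows
    )


if __name__ == "__main__":
    print(to_hec_batch(SAMPLE_ROWS, "Updateddate"))
```

For the "New" query, pass `CREATEDATE` as `time_field` instead.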