
SQL query for all audit events in a time period

vivekbksingh
New Contributor III

We need to either create or use an existing analytic which can give us all audit events in a time period.

Can this be achieved by a single SQL query (single analytic)? If yes, then please help us with the query.


rushikeshvartak
All-Star

SELECT ua.TYPEOFACCESS AS 'Object Type',
       ua.ActionType   AS 'Action Taken',
       u.username      AS 'Accessed By',
       ua.IPADDRESS    AS 'IP Address',
       ua.ACCESSTIME   AS 'Event Time',
       ua.DETAIL       AS 'Message'
FROM users u, userlogin_access ua, userlogins l
WHERE l.loginkey = ua.LOGINKEY
  AND l.USERKEY = u.userkey
  AND ua.AccessTime >= (NOW() - INTERVAL 90 MINUTE)
  AND ua.Detail IS NOT NULL

https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Queries-for-generating-User-Login-reports.htm

https://docs.saviyntcloud.com/bundle/Splunk-Guide/page/Content/Managing-Application-Audit-Logs.htm


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi,

As I understand, we need to run the analytics to get audit logs via APIs. Is there a way I can get audit logs directly via an API, i.e. without running analytics?

Running analytics may give me some old data which I already have from a previous run.

Also, is there any API for server logs?

The only way is analytics; APIs are not available.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
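
An added example, not part of the original thread and not Saviynt code: one way a log consumer can discard rows it already received when consecutive analytic runs overlap, keyed on the column aliases from the query above. The timestamp format, the `new_events` and `_row` helpers, the state dictionary and the sample rows are assumptions made for illustration.

```python
from datetime import datetime

# Column aliases produced by the query posted in the thread.
FIELDS = ("Event Time", "Accessed By", "Object Type",
          "Action Taken", "IP Address", "Message")
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed export format for ACCESSTIME


def new_events(rows, state):
    """Drop rows already returned by an earlier, overlapping run.

    state holds the newest event time ingested so far ("watermark") and
    the rows seen at exactly that time ("seen"). The query output has no
    unique id, so a row is identified by all of its columns.
    """
    watermark = state.get("watermark")
    seen = set(state.get("seen", ()))
    fresh = []
    for row in sorted(rows, key=lambda r: r["Event Time"]):
        ts = datetime.strptime(row["Event Time"], TS_FORMAT)
        key = tuple(row.get(f) for f in FIELDS)
        if watermark is not None and ts < watermark:
            continue  # inside the overlap, ingested by a previous run
        if ts == watermark and key in seen:
            continue  # same second as the watermark, already ingested
        if watermark is None or ts > watermark:
            watermark, seen = ts, set()  # watermark advances
        seen.add(key)
        fresh.append(row)
    return fresh, {"watermark": watermark, "seen": seen}


def _row(ts, user, action):
    # Constructed sample row; values are illustrative only.
    return {"Event Time": ts, "Accessed By": user, "Object Type": "User",
            "Action Taken": action, "IP Address": "192.0.2.10",
            "Message": f"{action} by {user}"}


# Constructed results of two analytic runs whose 90-minute windows overlap.
RUN_1 = [_row("2024-05-01 10:00:05", "alice", "Update"),
         _row("2024-05-01 10:30:00", "bob", "Create"),
         _row("2024-05-01 10:45:12", "alice", "Delete")]
RUN_2 = RUN_1[1:] + [_row("2024-05-01 10:45:12", "carol", "Update"),
                     _row("2024-05-01 11:10:00", "bob", "Update")]

if __name__ == "__main__":
    first, state = new_events(RUN_1, {})
    second, state = new_events(RUN_2, state)
    print(len(first), [r["Accessed By"] for r in second])
```

Rows that are identical in every column are treated as one event, and an event written late with a time older than the watermark is skipped, so the run interval should stay shorter than the query window.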