Selecting Overview → (gears icon) → Audit Logs displays the Audit Logs dashboard. The Audit Logs tab is highlighted.  


The UNUM Configuration Audit Logs module provides a convenient method of reviewing log events from UNUM instances.


Usage Note: Before any analytics are collected, a fabric must be added and a valid license must be installed and activated.




Audit Logs Dashboard


Sort the list of entries in the dashboard by Time to display newer or older events first.


A Search box function provides a useful method of searching for audit log events.


Begin by entering an audit log event, e.g., LOGOUT. The dashboard updates with any LOGOUT events captured during the selected search time. For example, selecting Last 24 hours displays the following information in the dashboard:




Audit Logs Search Results Dashboard


The audit log information displayed in the graphical interface is updated with data from the search criteria, and the filter information is highlighted in the filter bar.


Multiple searches populate the filter bar. Source and destination search criteria, when entered, are displayed in additional filter bars.


You can also search using any of the information contained in any of the columns: Time, event.action, event.actor, event.source, event.outcome or event.target.






Audit Logs Search Filters



Clicking the arrow enables a filter Actions drop-down menu, from which a list of available filters can be selected to refine the search results.



Audit Logs Search Filter Actions

All Filters:


  • Enable – Enables the designated filter
  • Disable – Disables the designated filter
  • Pin – Pins the designated filter to the Dashboard interface
  • Unpin – Unpins the designated filter from the Dashboard interface
  • Invert – Inverts the designated filter
  • Toggle – Switches between filters
  • Remove – Removes the designated filter from the Dashboard interface


As you roll over a specific filter, the selected filter is highlighted in the filter bar, as shown in the figure.



Audit Logs Search Filter Action Rollover


Moving the mouse over the filter bar reveals an editing menu providing additional functionality, including a query editor, as shown in the figure below.



Audit Logs Search Filter Action Rollover Query Editor


Search history can be retrieved by selecting the Clock Arrow.


Prior search history criteria can be deleted by clicking on Clear History, as shown in the figure below.



Audit Logs Search Prior History


The information displayed is updated based on the selected sampling time, which can be set from 5 seconds to 2 hours by clicking on the Time link.



Audit Logs Time Interval


Data collection is stopped using the (Pause) icon and restarted using the (Play) icon.


Alternatively, updates can be turned off. Historical information is displayed by clicking on the (Last) Time icon and can display information from the current day up to the previous year.


The updated time sampling and historical selection are displayed in the toolbar.




Quick, Relative and Absolute time drilldown monitoring is achieved by selecting the appropriate icon. The Quick method displays data from the current day up to the previous year.



Audit Logs Time Ranges


The Relative and Absolute methods provide an expanded and finer level of granularity for selecting data from specific date ranges as illustrated below.



Audit Logs Time Ranges - Relative



Audit Logs Time Ranges - Absolute


Audit Logs Audit Search Details Table


The Audit Logs Audit Search pane provides extensive details regarding the information displayed in the dashboard.



Audit Logs Audit Search Pane Details


Display more detailed information by clicking the expand icon. Tabular data is displayed along with JSON data.


The details are displayed in two tabs:



Audit Logs Search Pane Table Data


Audit Log Audit Search Pane JSON Data


Viewing Document Context


For certain applications it can be useful to inspect a window of documents surrounding a specific event. The context view enables you to do just that for index patterns that are configured to contain time-based events.


To show the context surrounding an anchor document, click the Expand button to the left of the document table entry and then click the View surrounding documents link.
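The same search-then-context workflow can be reproduced offline on exported audit documents, which is useful when reviewing what happened around a specific event. This is an added example, not UNUM or Elastic code; the `@timestamp` field name, the `search` and `context` helpers, and all sample values are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample export. The event.* field names come from the dashboard
# columns; "@timestamp", the action names other than LOGOUT, and the outcome
# values are assumptions. The list is deliberately not in time order.
DOCS = [
    {"@timestamp": "2024-05-01T09:05:00Z",
     "event": {"action": "LOGIN", "actor": "alice", "source": "10.0.0.21",
               "outcome": "success", "target": "unum"}},
    {"@timestamp": "2024-05-01T09:00:05Z",
     "event": {"action": "LOGIN", "actor": "alice", "source": "10.0.0.21",
               "outcome": "success", "target": "unum"}},
    {"@timestamp": "2024-05-01T09:01:10Z",
     "event": {"action": "LOGIN", "actor": "bob", "source": "10.0.0.37",
               "outcome": "failure", "target": "unum"}},
    {"@timestamp": "2024-05-01T09:01:15Z",
     "event": {"action": "LOGIN", "actor": "bob", "source": "10.0.0.37",
               "outcome": "success", "target": "unum"}},
    {"@timestamp": "2024-05-01T09:02:00Z",
     "event": {"action": "CONFIG_CHANGE", "actor": "bob", "source": "10.0.0.37",
               "outcome": "success", "target": "fabric-1"}},
    {"@timestamp": "2024-05-01T09:02:30Z",
     "event": {"action": "LOGOUT", "actor": "bob", "source": "10.0.0.37",
               "outcome": "success", "target": "unum"}},
]

def _ts(doc):
    # fromisoformat() on older Python versions does not accept a trailing "Z".
    return datetime.fromisoformat(doc["@timestamp"].replace("Z", "+00:00"))

def search(docs, **criteria):
    """Return documents whose event.<field> equals every given criterion."""
    return [d for d in docs
            if all(d.get("event", {}).get(k) == v for k, v in criteria.items())]

def context(docs, anchor, size=2):
    """Return (older, newer): up to `size` documents on each side of the
    anchor in time order. Fewer are returned at either end of the data."""
    ordered = sorted(docs, key=_ts)
    i = next(n for n, d in enumerate(ordered) if d is anchor)
    return ordered[max(0, i - size):i], ordered[i + 1:i + 1 + size]

if __name__ == "__main__":
    anchor = search(DOCS, action="LOGOUT")[0]
    older, newer = context(DOCS, anchor)
    for d in older + [anchor] + newer:
        e = d["event"]
        print(d["@timestamp"], e["action"], e["actor"], e["outcome"])
```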


Note: Additional information on using and configuring UNUM Audit Logs is available at Elastic.