Selecting Overview → (gears icon) → Audit Logs displays the Audit Logs dashboard. The Audit Logs tab is highlighted.
The UNUM Configuration Audit Logs module provides a convenient method of reviewing log events from UNUM instances.
UNUM provides access to specific feature help documentation via the Help Button icon.
Usage Note: Before collecting any analytics, add a Fabric and install and activate a valid license.
Audit Logs Dashboard
You can sort the list of entries in the dashboard by Time to display newer or older events first.
Click on Export to export data to a CSV file. You have the option to Open or Save the File.
Search Pane Export Data Example
A Search box function provides a useful method of searching for audit log events.
You begin by entering an audit log event, e.g., LOGOUT. The dashboard updates with any LOGOUT events captured during the selected search time. For example, selecting Last 24 hours displays the following information in the dashboard:
Audit Logs Search Results Dashboard
The audit log information displayed in the graphical interface is updated to match the search criteria, and the active filter is highlighted in the filter bar.
Multiple searches populate the filter bar. Source and destination search criteria, when entered, are displayed in additional filter bars.
You can also search using any of the information contained in any of the columns: Time, event.action, event.actor, event.source, event.outcome or event.target.
Rolling over each column reveals an icon used to Add or Remove filters from the search criteria.
Audit Logs Filter Selectors
Audit Logs Search Filters
Clicking the Actions arrow opens a filter Actions drop-down menu, from which you select one of the available filter actions to refine the search results.
Audit Logs Search Filter Actions
- Enable – Enables the designated filter
- Disable – Disables the designated filter
- Pin – Pins the designated filter to the Dashboard interface
- Unpin – Unpins the designated filter from the Dashboard interface
- Invert – Inverts the designated filter
- Toggle – Switches between filters
- Remove – Removes the designated filter from the Dashboard interface
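As an added example (not UNUM's own code or output), the search, filter and export flow described above is re-implemented in Python over a constructed set of audit events: a relative Last 24 hours window, filter-bar entries with the Enable/Disable and Invert states, and a CSV export. Only the column names come from the page; the flat `event.*` key layout, the fixed "now" and the sample values are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of exported audit events (assumed flat layout, not real
# UNUM output); the keys are the column names the dashboard shows.
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)  # fixed "now" so results are reproducible
SAMPLE_EVENTS = [
    {"Time": NOW - timedelta(hours=1), "event.action": "LOGOUT", "event.actor": "admin",
     "event.source": "10.0.0.5", "event.outcome": "success", "event.target": "unum-1"},
    {"Time": NOW - timedelta(hours=3), "event.action": "LOGIN", "event.actor": "admin",
     "event.source": "10.0.0.5", "event.outcome": "failure", "event.target": "unum-1"},
    {"Time": NOW - timedelta(hours=30), "event.action": "LOGOUT", "event.actor": "ops",
     "event.source": "10.0.0.9", "event.outcome": "success", "event.target": "unum-1"},
    {"Time": NOW - timedelta(minutes=10), "event.action": "LOGIN", "event.actor": "ops",
     "event.source": "10.0.0.9", "event.outcome": "success", "event.target": "unum-2"},
]

class Filter:
    """One filter-bar entry (field == value) with the Enable/Disable and Invert states."""
    def __init__(self, field, value, enabled=True, inverted=False):
        self.field, self.value, self.enabled, self.inverted = field, value, enabled, inverted

    def matches(self, event):
        if not self.enabled:          # a disabled filter never excludes anything
            return True
        hit = str(event.get(self.field)) == self.value
        return not hit if self.inverted else hit

def search(events, filters, last=timedelta(hours=24), now=NOW):
    """Apply the relative time window (default Last 24 hours), then every filter in the bar."""
    start = now - last
    return [e for e in events
            if start <= e["Time"] <= now and all(f.matches(e) for f in filters)]

def export_csv(events):
    """Mirror the Export button: one CSV row per matching event, Time as ISO 8601."""
    cols = ["Time", "event.action", "event.actor", "event.source", "event.outcome", "event.target"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=cols)
    writer.writeheader()
    for e in events:
        writer.writerow({**e, "Time": e["Time"].isoformat()})
    return buf.getvalue()

if __name__ == "__main__":
    print(export_csv(search(SAMPLE_EVENTS, [Filter("event.action", "LOGOUT")])))
    # The same filter inverted: everything in the window that is not a LOGOUT.
    print(export_csv(search(SAMPLE_EVENTS, [Filter("event.action", "LOGOUT", inverted=True)])))
```

The LOGOUT at 30 hours ago falls outside the 24-hour window and is dropped before any filter is applied, which is the same ordering the dashboard uses when the time range and a filter are both set.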
As you roll over a specific filter, it is highlighted in the filter bar, as shown in the figure.
Audit Logs Search Filter Action Rollover
Moving the mouse over the filter bar reveals an editing icon providing additional functionality including a query editor as shown in the figure below.
Audit Logs Search Filter Action Rollover Query Editor
Retrieve search history by selecting the Clock Arrow.
Delete prior search history criteria by clicking on Clear History, as shown in the figure below.
Audit Logs Search Prior History
The information displayed is updated based on the selected sampling time. Select the sampling time by clicking on the Time link; intervals range from 5 seconds to 2 hours.
Audit Logs Time Interval
Stop data collection using the (Pause) icon and restart it using the (Play) icon.
Alternately, turn off updates as desired.
Historical information is displayed by clicking on the (Last) Time icon, which can display information from the current day back to the previous year.
The updated time sampling and historical selection are displayed in the tool bar.
Quick, Relative and Absolute time drilldown monitoring is achieved by selecting the appropriate icon. The Quick method displays data from the current day back to the previous year.
Audit Logs Time Ranges
The Relative and Absolute methods provide an expanded and finer level of granularity for selecting data from specific date ranges as illustrated below.
Audit Logs Time Ranges - Relative
Audit Logs Time Ranges - Absolute
Audit Logs Audit Search Details Table
The Audit Logs Audit Search pane provides extensive details regarding the information displayed in the dashboard.
Audit Logs Audit Search Pane Details
You display more detailed information by clicking the expand icon. Tabular data is displayed along with the underlying JSON data.
The details are displayed in two tabs:
Audit Logs Search Pane Table Data
Audit Log Audit Search Pane JSON Data
Viewing Document Context
For certain applications it is often useful to inspect a window of documents surrounding a specific event. The context view enables you to do just that for index patterns that are configured to contain time-based events.
To show the context surrounding an anchor document, click the Expand button to the left of the document table entry and then click the View surrounding documents link.
Note: Additional information on using and configuring UNUM Audit Logs is available at Elastic.