Monitoring the Audit Log
This topic explains how to use ThingWorx Composer's Monitor to view and sort online messages collected by the Audit Subsystem. The Audit Log page provides the same filtering and pagination tools as for Thing Groups in Composer. Only Administrators can access the Audit Log tool. The important aspects of using this tool consist of the following:
• As part of an overall design change for search/filtering mechanisms in ThingWorx Composer, the filtering tools provide simple and advanced querying capability, including the ability to select operators such that the filters can be used with AND and OR operators and the ability to select from a list of Condition, such as "contains" or "is exactly".
• You can filter on any column title, such as Audit Category, Source, or User, but not on the Message content.
• When entering a value for the Audit Category, you must enter the localization CategoryKey for that category if you choose the Condition, is exactly. However, if you choose the Condition, contains and enter Modeling in the Value field,.the filter works.
 |
For a list of Audit Categories and their localization CategoryKeys, refer to the table, Audit Categories, Audited Events, and Their Keys (Localization Tokens).
|
• You cannot use the wildcard character * in the Value field for an Audit Category and expect results. However, if you know that a localization CategoryKey ends with, for example, the letter "t", you can choose the ends with condition and type the letter t.
• The results returned are from the online message store of the Audit Subsystem.
• Sort selections and pagination are retained when refreshing or navigating away from the Audit Log page.
To access the Audit Log page and view messages, follow these steps:
1. Log in to ThingWorx Composer as an Administrator.
2. In the left navigation panel, click 
, and then click Audit Log, as indicated in the figure below:
, and then click Audit Log, as indicated in the figure below:
The Audit Log page appears, unfiltered and paginated. The default number of results is 50 items per page: For example, if you have a 1,000 results at 50 messages per page, the results span 20 pages. Filtering tools are provided above the results table. Navigation tools are provided below the table, as indicated in the following figure:
This group of audit messages and additional messages that are not visible in the figure above are used for the rest of the steps in this procedure.
3. To paginate the unfiltered audit log, use the widgets under the table:
◦ Show allows you to select how many messages you want to see on a page of results. Select a number for the dropdown menu: 10, 25, 50, 75, or 100. The default value is 10. For example, suppose you choose 10 items per page. When there are more than 10 results, the page numbers appear in square boxes. Click a page number to display that page. Alternatively, you can use the Jump to page widget.
◦ Jump to page: allows you to move among the pages of results by typing the desired page number. The number of pages depends on the number of results returned and the number of results per page that you selected.
4. To filter audit messages, click the down arrow in the Filter by field. When the list appears,select the type of filter you want to use. The following example shows how to select Source Type:
After you select the filter type, the Condition field becomes active.
5. Click the down arrow, and from the Condition list, select an operator for the filter. In this example, the condition selected is is exactly:
The Value field becomes active. If there is a fixed set of values for the filter type, you can select a value from a list. Otherwise, you can type the value in the field.
6. In the Value field, type the value for the Source Type filter. Continuing the example, the Source Type for an audit message must match exactly Organization.
7. When it becomes active, click the Add button. The following message appears, showing your added filter. Continuing the example, here is the message:
The number of filters increments to 1, and the results are displayed:
As shown above, there is one filter and only one audit message matched the Source Type, Organization.
8. To apply a second filter to the results, repeat steps 4 through 7. For example, select Audit Category from the Filter by list. Then select the Condition, contains, and type the Value, Modeling. When it becomes active, click the Add button.
| | For the Audit Category, choose the contains condition since it returns results without your having to specify the entire localization token for the category. Should you need the localization token for an Audi Category, refer to the table, Table 128 in the ThingWorx Audt Messages topic. |
For the example, the following message appears, showing the second filter:
The number of filters increments to 2. By default the filters are joined by AND. Depending on the activity on your system, how often audit messages are archived, and how long it has been since all online messages were archived, the results will differ. Continuing the example, the following figure shows no result:
When you select AND, messages must match both conditions. In this case, no messages match both the Source Type and the Audit Category.
9. Separately, each filter in this example should return at least one audit message. To get results, the join option is changed by clicking the down arrow and selecting OR, as shown here:
After you change the join option, the page refreshes to show the results. Continuing the example, results are returned for both filters, as shown here
10. Consider another example of applying two filters. Here, the Source Type is Thing and the Audit Category is Modeling. The filters are joined by AND, with the following results:
As you can see in the figure above, the AND option returns those messages that match both filters.
11. What happens if you add one more filter to those used in the figure above and join them with AND? In this example, the third filter is Source: is exactly: asdf, where asdf is the name of a Thing. The following three filters are joined by AND:
a. Source Type: is exactly: Thing
b. Audit Category: contains: Modeling
c. Source: is exactly: asdf, where asdf is the name of a Thing
Here are the results of applying these filters on the audit messages shown in the unfiltered Audit Log page shown in Step 2:
The results show two audit messages that match all the criteria.