ThingWorx Model Definition and Composer > System > Subsystems > Audit Subsystem > Online and Offline Audit Data
  
Online and Offline Audit Data
Online Audit Data
The online audit entries are maintained online based on the values specified for the maxEntriesOnlineAuditData and DaysOnline parameters of the Audit Subsystem.
See also Searching Audit Messages for optional parameters of the QueryAuditHistory service and Exporting Audit Data for information on using the ExportAuditData service to export the JSON file.
Offline Audit Data
Offline audit data provides a storage location for audit data that you do not need to access often but that you want to keep for administrative purposes. The archive operation copies online audit data to offline storage. Based on the retention criteria for online audit data, the online data may or may not be deleted from online storage when the copy is complete. Recall that the retention criteria specify the number of days to retain audit data online and the threshold for the number of rows in the online audit data table. When either of these criteria is met at the time an archive is started, some (or potentially all) online audit data is deleted after the archive operation. It is still possible that neither of the criteria is met when the archive operation runs, so that audit data exists in both the online table and the offline storage.
The export operation first calls the ArchiveAuditHistory service and then copies the requested data from the AuditArchiveFileRepository to the specified export file.
Archiving is automatic and runs daily by default. The online audit messages are persisted to files that are stored in the File Repository of the Audit Subsystem (AuditArchiveFileRepository). You cannot configure this repository.
* 
Offline in this context means that the audit messages can no longer be filtered or searched, and that they are no longer stored in the database.
The offline files are archived without localization. An offline reader service, called ExportAuditData, is available to retrieve them, based on a specified locale. See Exporting Audit Data for more information.
The hierarchy for offline archive files follows:
Hierarchy of Offline Archive
The dated folder is for the date of the Audit messages it contains, NOT the date that the archive was run. As shown in the diagram above, the format of the dated folder name is YYYY-MM-DD (ISO 8601) format, with a new folder for every day of audit messages. The "Offline Audit Chunks" are in a zipped JSON file that contains audit messages for that date. The default chunk size is 50,000 rows (the minimum size). A system administrator can change the default size of chunks in the configuration of the Audit Subsystem. For example, the system administrator could specify a chunk size of 70,000 rows. A zipped chunk file would exist for that many rows of messages in the dated folder. If every audit entry were ~1KB, the size of a chunk file would be around ~70MB unzipped or in memory.
Data Retention and Performance
To maximize performance, a balance of online audit data and offline data storage is required. The Audit Subsystem provides both archiving and purging operations to help you achieve the optimum balance for your system. You can use the following properties of the subsystem to control the retention of online audit data:
DaysOnline — The archive operation checks the DaysOnline parameter of the Audit Subsystem to determine which audit messages should be archived and which should remain available online. The DaysOnline parameter specifies how may days’ worth of audit data should be retained online. The default number of days to retain online audit data is 60.
maxEntriesOnlineAuditData — This threshold setting for the Audit Subsystem specifies the number of rows that can exist in the online audit data table before the purge operation is invoked.
The settings for these parameters determine how much audit data will be retained when the ArchiveAuditHistory service runs (whether automatically as determined by the scheduler thing or manually invoked). The ArchiveAuditHistory service will first archive all the online audit data. Online audit data that is older than the value of DaysOnline AND online data that exceeds the maximum online row count, will be purged after it has been archived.