Querying Legacy Audit Data While Direct Persistence Is Enabled
While Direct Persistence is enabled in Audit Subsystem Configuration, all Services that process or handle data are switching to Direct Persistence model - only data generated while it is enabled will be accessible. To enable users to access their data saved in Legacy format (DataTable entries in AuditDataTable entity), an alternative way of accessing those records must be explained or provided.
 |
It is recommended to export legacy audit data to cold storage during a maintenance window before switching to Direct Persistence. Where this is not always possible, the rest of this section offers helpful workarounds.
|
You can use the AuditDataTable entity to query Audit 1.0 ("legacy") information. The AuditDataTable entity is part of a subset of DataTable entities that have some additional restrictions added, such as disallowing entries update, and can use most of the same services as other DataTable entities.
One such service is QueryDataTableEntries. This service allows you to use Data Tags, source and JSON Query to filter retrieved results.
 |
Data Tags for Audit entries are always empty.
|
To run this service, specify the same JSON Query parameters as when running QueryAuditHistory or QueryAuditHistoryWithQueryCriteria. The following JSON Query example uses User and Timestamp filters and sorts entries from newest to oldest.
|
|
Pagination is not supported with the Data Table query services.
|
The following is an example of a JSON query:
{
"filters": {
"type": "AND",
"filters": [
{
"type": "EQ",
"fieldName": "user",
"value": "Administrator",
"isCaseSensitive": true
}, {
"type": "BETWEEN",
"fieldName": "timestamp",
"from": 1577836800000,
"to": 1609459199000
}
]
},
"sorts": [
{
"fieldName": "timestamp",
"isAscending": false
}
]
}
|
|
This service returns raw (untranslated) auditing records, along with audit entry information. For information about translation, refer to the next section.
|