1. Home
  2. Previous Releases
  3. Latest Release
  4. Guides
  5. Concepts
  6. Tools
  7. References
    1. Apache Spark
    2. Built-in Functions
    3. Incorta Component SDK
    4. Incorta Connector SDK
    5. Connectors
    6. Data Studio
    7. Public API
    8. Security
      1. Client credentials for a Google APIs project
      2. Enable Zookeeper SSL
      3. Enable MySQL SSL
      4. Engine Audit
      5. HTTPS for Apache Tomcat with OpenSSL
      6. OAuth for Box
      7. OAuth for Dropbox
      8. OAuth for Google API
      9. OAuth for Microsoft Azure Gen1
      10. OAuth for OneDrive
      11. OAuth for Sharepoint
      12. OAuth for Smartsheet
      13. Security Roles
    9. SQL Interface
    10. Visualizations
    11. Other
  8. Integrations
  9. Data applications
  10. Releases
  11. Incorta Premium

References → Engine Audit

Overview

In releases before 2024.7.x, the Engine audit files track essential information only, including the tenant, the logged-in user, and actions performed, such as viewing or analyzing insights, applying filters, or downloading a dashboard. These details are saved on CSV files in the following location: /home/incorta/IncortaAnalytics/Tenants/<tenantName>/data/audit.

In 2024.7.x, Incorta has introduced a new enhanced version of the audit files. These files capture detailed tracking information, including the request source, service, off-heap memory used for processing the request, and task state time. The new files are saved under the /home/incorta/IncortaAnalytics/Tenants/<tenantName>/engine_audit.2.0 folder.

After upgrading to 2024.7.x, Incorta records user activities in both files by default. However, you can specify one type of them to use. In the Cluster Management Console (CMC) > Clusters > your_cluster > Server Configurations > Analytics Workload Management, for the Analytics Auditing option, specify if you want to log activities in the Standard audit files, the Enhanced ones, or Both.

Note
  • To start logging user actions in the audit files, Incorta requires at least one of the actions it tracks, such as opening a dashboard or downloading an insight, to be executed manually or via a scheduled job.
  • You can create schemas on top of these files and build dashboards to analyze the recorded details.

Standard Audit files

User activities recorded in the Standard audit files include:

  • Insight actions, such as analyzing or viewing an insight
  • Variable evaluation
  • Applying filters
  • Downloading insights or dashboards

Columns available on these files include the following:

  • Dashboard GUID
  • Date
  • Timestamp
  • Tenant
  • User
  • Command
  • Elapsed Time

Enhanced Audit files

Folder structure

The engine_audit.2.0 folder contains four sub-folders as follows:

  • action: Files in this folder include a row for each HTTP request or Scheduler job.
  • action_details: Files in this folder include the action state updates: one row per update.
  • tasks: Files in this folder include a list of tasks included in an action: one row per task. For example, downloading a dashboard tab may contain 10 queries (insights), representing 10 tasks.
  • tasks_details: Files in this folder include the task state updates: one row per update.

The following section describes the columns in each file type.

Action

ColumnDescription
action_idThe action ID
user_nameThe name of the user who triggered the action
tenant_idThe tenant ID
sourceThe action source:
  ●  PRIVATE_API_RENDER
  ●  PRIVATE_API_DOWNLOAD
  ●  PRIVATE_API_SEARCH
  ●  SQI_X
  ●  SCHEDULER_RENDER
  ●  SCHEDULER_DOWNLOAD
  ●  UNDEFINED (Includes Public API, SQLi, and variable evaluation requests)
formatThe requested action format:
  ●  JSON
  ●  CSV
  ●  XLSX
  ●  UNDEFINED
isSampledA boolean represented in 1 and 0 options
modeThe requested mode from the action:
  ●  VIEW
  ●  ANALYZE
dashboard_idThe ID of the dashboard the action is related to. For some actions, such as Analyzer queries, this value is null.
dashboard_nameThe dashboard name
insight_idThe ID of the insight related to the action. For some actions, such as Analyzer queries and searches, this value is null.
start_timeThe action start time
end_timeThe action end time
tasks_countThe number of tasks included in this action
termination_stateThe action termination state:
  ●  DONE
  ●  FAILED
  ●  ANOTHER_REQUEST_OVERRIDE
service_nameThe name of the service that executed the action

Action details

ColumnDescription
parent_idThe parent action ID
stateThe action state:
  ●  INITIALIZED
  ●  RUNNING
  ●  PENDING_MATCHING_RUNNING_REQUEST
  ●  SERVED_FROM_MATCHING_REQUEST_RESULT
  ●  REJECTED
  ●  DONE
  ●  FAILED
  ●  ANOTHER_REQUEST_OVERRIDE
start_timeThe state start time
durationThe state duration in Milliseconds

Tasks

ColumnDescription
action_idThe parent action ID
task_idThe task ID
insight_idThe ID of the insight related to the action. For some actions, such as Analyzer queries and searches, this value is null.
insight_nameThe insight name
task_typeThe task type:
  ●  QUERY
  ●  SEARCH
thread_idThe ID of the thread assigned to execute this task
start_timeThe task start time
end_timeThe task end time
termination_stateThe task terminal state:
  ●  DONE
  ●  FAILED

Tasks details

ColumnDescription
action_idThe parent action ID
parent_idThe parent task ID
stateThe task state, for example:
  ●  INITIALIZED
  ●  QUEUED
  ●  PROCESSING
  ●  DONE_PROCESSING
  ●  INTERRUPTING
state_suffixAn identifier for the state if it is repeated in the same task
start_timeThe state start time
durationThe state duration in milliseconds
off_heap_usage_bytesThe off-heap memory used while executing the task (Doesn’t include the memory used for loading the columns)