Is there a way to report on audits in a way that is efficient (or a way to report on user actions in regards to incidents)?

bcronrath · ‎03-15-2016

My goal is to be able to come up with an incident report for each user where I can see incidents that they have modified in the last 48 hours. Problem is with the current incident fields this doesn't seem possible. You can search on an updated last 48 hours filter, however the updated by will always be the latest user to update an incident so if a different user touched the incident before that there doesn't seem to be a way to accomplish this in an incident report. I was thinking of doing a report on the audit table, or even just running a script that pulls the data, but trying to query sys_audit in any fashion seems to be a horrible idea and I have to cancel the transaction before it just endlessly runs.

Does anyone know of a way to grab the data I am looking for here? Is sys_audit my only option?

Best regards,

Brian

Michael Fry1 · ‎03-16-2016

Definitely reporting on sys_audit is almost impossible, but you can use Metrics to get your answers. There is a little setup involved, but it works nice.

Step 1: create new Metric, on Incident table, with Type Script Calculation but leave Script area blank. Field doesn't matter but note sys_id of new Metric.

Step 2: create a before business rule on Incident table like below

Step 3: add the following script in the advanced section of your BR. Update the 2 sys_ids of var MetricSysID to match your Metric from Step 1

{

//sys id of the metric definition

var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';

var mi= new GlideRecord('metric_instance');

mi.addQuery('id',current.sys_id);

mi.addQuery('definition',metricSysID);

mi.query();

//if mi.next will insert another if exists.

//if !mi.next, will insert new entry

if(!mi.next()){

insertMetrics();

}

// since !mi.next inserts new, this will insert updates.

else if(current.active == true && current.operation() == 'update'){

insertMetrics();

}

function insertMetrics() {

var mi= new GlideRecord('metric_instance');

//sys id of the metric definition

var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';

mi.initialize();

mi.definition = metricSysID;

mi.start = previous.sys_updated_on;

mi.end = gs.nowDateTime();

mi.duration = gs.dateDiff(mi.start, mi.end);

mi.id = current.sys_id;

mi.value = gs.getUser().name;

mi.calculation_complete = true;

mi.insert();

}

gs.log('Metric trigger');

Step 4: (last one) Build a report of the newly captured data. (Doesn't not work on existing data, just new data after this is implemented

It might seem like a lot but screen shots are better than a bunch of words!

I use this all the time.

View solution in original post

Michael Fry1 · ‎04-29-2016

The script populates the metric fields with data IF the conditions are true. So if you wanted to create another one on Resolve, make sure your conditions are set right to trigger the business rule to create a Metric.

shukurmukhtarov · ‎04-30-2016

How i can manage scripts.?

Michael Fry1 · ‎04-30-2016

You can set different conditions, and when true, if will create a Metric.

You can also add additional fields to the Metric table, and modify the script to populate those fields. For example:

mi.value = gs.getUser().name; sets the value you field. You can add more lines to match your new fields

mi.newfield1 = previous.assignment_group;

mi.newfield2 = previous.state;

bhavya_inkollu · ‎09-08-2016

Hi Michael,

I also need Incident created by, resolved by, closed by information as well in my metric . Please suggest as how i can achieve that

Michael Fry1 · ‎09-08-2016

You can add fields to the Metric table and then include those fields in the business rule to set the values you want.