Is there a way to report on audits in a way that is efficient (or a way to report on user actions in regards to incidents)?

bcronrath
Kilo Guru

My goal is to be able to come up with an incident report for each user where I can see incidents that they have modified in the last 48 hours. Problem is with the current incident fields this doesn't seem possible. You can search on an updated last 48 hours filter, however the updated by will always be the latest user to update an incident so if a different user touched the incident before that there doesn't seem to be a way to accomplish this in an incident report. I was thinking of doing a report on the audit table, or even just running a script that pulls the data, but trying to query sys_audit in any fashion seems to be a horrible idea and I have to cancel the transaction before it just endlessly runs.

Does anyone know of a way to grab the data I am looking for here? Is sys_audit my only option?


Best regards,

Brian

1 ACCEPTED SOLUTION

Michael Fry1
Kilo Patron

Definitely reporting on sys_audit is almost impossible, but you can use Metrics to get your answers. There is a little setup involved, but it works nicely.



Step 1: create new Metric, on Incident table, with Type Script Calculation but leave Script area blank. Field doesn't matter but note sys_id of new Metric.


metric.jpg



Step 2: create a before business rule on Incident table like below


br.jpg



Step 3: add the following script in the advanced section of your BR. Update the 2 sys_ids of var MetricSysID to match your Metric from Step 1


{
    // sys_id of the metric definition created in Step 1
    var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';
    var mi = new GlideRecord('metric_instance');
    mi.addQuery('id', current.sys_id);
    mi.addQuery('definition', metricSysID);
    mi.query();
    // No metric instance exists yet for this incident: insert the first one.
    if (!mi.next()) {
        insertMetrics();
    }
    // One already exists: insert another for each update to an active incident.
    else if (current.active == true && current.operation() == 'update') {
        insertMetrics();
    }
}

function insertMetrics() {
    var mi = new GlideRecord('metric_instance');
    // sys_id of the metric definition created in Step 1
    var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';
    mi.initialize();
    mi.definition = metricSysID;
    // The interval runs from the previous update of the incident to now.
    mi.start = previous.sys_updated_on;
    mi.end = gs.nowDateTime();
    mi.duration = gs.dateDiff(mi.start, mi.end);
    // Link the metric instance to the incident being saved.
    mi.id = current.sys_id;
    // Record the user who is making this update.
    mi.value = gs.getUser().name;
    mi.calculation_complete = true;
    mi.insert();
}

gs.log('Metric trigger');



Step 4: (last one) Build a report of the newly captured data. (Does not work on existing data, just new data after this is implemented.)


report.jpg



It might seem like a lot but screen shots are better than a bunch of words!


I use this all the time.
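To turn the rows captured by the steps above into the per-user view the question asks for (incidents each user modified in the last 48 hours), the following added example, which is not part of the original post, groups metric_instance rows by the user stored in `value`. `loadRows`, `touchedByUser`, the placeholder sys_id and the sample rows are assumptions for illustration; `loadRows` only works on an instance in global scope, while the grouping function runs anywhere.

```javascript
// Added example, not the poster's code. The grouping logic is plain JavaScript;
// loadRows() is the instance-side reader and is not called in the demo below.
var METRIC_SYS_ID = 'REPLACE_WITH_METRIC_SYS_ID'; // placeholder: the Step 1 metric

// Instance-only: read the metric_instance rows written by the business rule.
function loadRows(hours) {
    var rows = [];
    var mi = new GlideRecord('metric_instance');
    mi.addQuery('definition', METRIC_SYS_ID);
    mi.addQuery('end', '>=', gs.hoursAgo(hours));
    mi.query();
    while (mi.next()) {
        rows.push({ id: mi.getValue('id'), value: mi.getValue('value'),
                    end: mi.getValue('end') });
    }
    return rows;
}

// Map each user to the distinct incidents they touched inside the window,
// with the number of updates and the time of the latest one.
function touchedByUser(rows, nowMs, hours) {
    var cutoff = nowMs - hours * 3600 * 1000;
    var report = Object.create(null); // no inherited keys to collide with user names
    rows.forEach(function (r) {
        var t = Date.parse(r.end.replace(' ', 'T') + 'Z'); // 'yyyy-MM-dd HH:mm:ss' read as UTC
        if (isNaN(t) || t < cutoff || t > nowMs) { return; } // unparsable or outside window
        var user = report[r.value] || (report[r.value] = {});
        var inc = user[r.id] || (user[r.id] = { updates: 0, last: r.end });
        inc.updates += 1;
        if (r.end > inc.last) { inc.last = r.end; } // fixed-width format sorts as text
    });
    return report;
}

// Constructed sample rows (hypothetical users and incident ids).
var SAMPLE = [
    { id: 'inc_a', value: 'alice', end: '2024-05-02 09:00:00' },
    { id: 'inc_a', value: 'bob',   end: '2024-05-02 10:30:00' },
    { id: 'inc_a', value: 'alice', end: '2024-05-02 11:00:00' },
    { id: 'inc_b', value: 'alice', end: '2024-04-29 08:00:00' } // older than 48 hours
];
var NOW = Date.parse('2024-05-03T00:00:00Z');
console.log(JSON.stringify(touchedByUser(SAMPLE, NOW, 48), null, 2));
```

Because every update writes its own row, an earlier editor stays visible even after someone else becomes the incident's latest "updated by".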



61 REPLIES

Hello Michael Fry,


I have quite a similar question, but I need your help just to understand, for example, how to report the number of incidents transferred from, say, 'X' group level 1 to the same group level 2 in a month?


How can we create that type of widget with those conditions on PA? Do I also need to write business rules?



Thanks in advance.


"'X' group level 1 to same group level 2" - what changes to say it's level 2 if the group is the same?


Sorry, it's from 'X' group level 1 to "Y" group level 2. Not the same group.



Regards,


You can create a Metric on Assignment Group with Timeline checked.


Screen Shot 2016-11-24 at 5.50.04 PM.png



then you can report on incident metric table and see previous group & duration, and current group & duration


Screen Shot 2016-11-24 at 5.50.20 PM.png


Thanks for your comment, but my case is different. I need to report or create a PA widget that shows how many incident tickets assignment group level 2 changed to level 3. How can I figure it out?


Thanks