Is there a way to report on audits in a way that is efficient (or a way to report on user actions in regards to incidents)?

bcronrath · ‎03-15-2016

My goal is to be able to come up with an incident report for each user where I can see incidents that they have modified in the last 48 hours. Problem is with the current incident fields this doesn't seem possible. You can search on an updated last 48 hours filter, however the updated by will always be the latest user to update an incident so if a different user touched the incident before that there doesn't seem to be a way to accomplish this in an incident report. I was thinking of doing a report on the audit table, or even just running a script that pulls the data, but trying to query sys_audit in any fashion seems to be a horrible idea and I have to cancel the transaction before it just endlessly runs.

Does anyone know of a way to grab the data I am looking for here? Is sys_audit my only option?

Best regards,

Brian

Michael Fry1 · ‎03-16-2016

Definitely reporting on sys_audit is almost impossible, but you can use Metrics to get your answers. There is a little setup involved, but it works nice.

Step 1: create new Metric, on Incident table, with Type Script Calculation but leave Script area blank. Field doesn't matter but note sys_id of new Metric.

Step 2: create a before business rule on Incident table like below

Step 3: add the following script in the advanced section of your BR. Update the 2 sys_ids of var MetricSysID to match your Metric from Step 1

{

//sys id of the metric definition

var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';

var mi= new GlideRecord('metric_instance');

mi.addQuery('id',current.sys_id);

mi.addQuery('definition',metricSysID);

mi.query();

//if mi.next will insert another if exists.

//if !mi.next, will insert new entry

if(!mi.next()){

insertMetrics();

}

// since !mi.next inserts new, this will insert updates.

else if(current.active == true && current.operation() == 'update'){

insertMetrics();

}

function insertMetrics() {

var mi= new GlideRecord('metric_instance');

//sys id of the metric definition

var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';

mi.initialize();

mi.definition = metricSysID;

mi.start = previous.sys_updated_on;

mi.end = gs.nowDateTime();

mi.duration = gs.dateDiff(mi.start, mi.end);

mi.id = current.sys_id;

mi.value = gs.getUser().name;

mi.calculation_complete = true;

mi.insert();

}

gs.log('Metric trigger');

Step 4: (last one) Build a report of the newly captured data. (Doesn't not work on existing data, just new data after this is implemented

It might seem like a lot but screen shots are better than a bunch of words!

I use this all the time.

View solution in original post

learnow · ‎11-25-2016

yes I can see but I think it's not exactly what I need. I need also to get a report in which incident ticket assignment group level 2 escalated to assignment group level 3. How can I see exactly that tickets?

Michael Fry1 · ‎11-25-2016

You probably need to implement the business rule solution found in this post. The conditions on the BR can be set to trigger when previous assignment group is x and current group is y. Then newly created Metric will contain ONLY the data you need to report on.

learnow · ‎11-28-2016

Hi Michael,

Thanks for your respond. I have couple questions to define right answer for me:

Can I use exactly the same scripts which you mentioned above or I need to change something on script to get what I'm looking for? (as I mentioned above, I'm looking for escalated incidents from assignment group level 2 to assignment group level 3 on previous month.)So In this case what will be business rules conditions and advance script? Will be as above as you mentioned?

On Step 4 you mentioned that it will work for report of the newly captured data and doesn't work on existing data, and will work for new data after this is implemented. But, in my case how can I report the data which is already existing. Actually its for previous month.

Sorry for disturbance, maybe so many questions by my side but I need to get answer for my questions.

Thanks in advance.

Michael Fry1 · ‎11-28-2016

You can use the same script. You might want to add a new field to the Metric table, maybe preValue, where you can store the previous group. If you do, you'll have to modify the script to populate that field.

Just make sure the When to run section has the right trigger, like group is x, and change to y. That way the only Metric data captured will contain just the data you want.

learnow · ‎11-28-2016

Yes, I want to add new field for previous Assignment Group, then how can I modify script? What to add and to where?

ok, but how can I make sure that When to run section has the right trigger? What to set up to When to run section? Do I need to add filter conditions something?

Regards,

Ulvi