Is there a way to report on audits in a way that is efficient (or a way to report on user actions in regards to incidents)?

bcronrath · ‎03-15-2016

My goal is to be able to come up with an incident report for each user where I can see incidents that they have modified in the last 48 hours. Problem is with the current incident fields this doesn't seem possible. You can search on an updated last 48 hours filter, however the updated by will always be the latest user to update an incident so if a different user touched the incident before that there doesn't seem to be a way to accomplish this in an incident report. I was thinking of doing a report on the audit table, or even just running a script that pulls the data, but trying to query sys_audit in any fashion seems to be a horrible idea and I have to cancel the transaction before it just endlessly runs.

Does anyone know of a way to grab the data I am looking for here? Is sys_audit my only option?

Best regards,

Brian

Michael Fry1 · ‎03-16-2016

Definitely reporting on sys_audit is almost impossible, but you can use Metrics to get your answers. There is a little setup involved, but it works nice.

Step 1: create new Metric, on Incident table, with Type Script Calculation but leave Script area blank. Field doesn't matter but note sys_id of new Metric.

Step 2: create a before business rule on Incident table like below

Step 3: add the following script in the advanced section of your BR. Update the 2 sys_ids of var MetricSysID to match your Metric from Step 1

{

//sys id of the metric definition

var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';

var mi= new GlideRecord('metric_instance');

mi.addQuery('id',current.sys_id);

mi.addQuery('definition',metricSysID);

mi.query();

//if mi.next will insert another if exists.

//if !mi.next, will insert new entry

if(!mi.next()){

insertMetrics();

}

// since !mi.next inserts new, this will insert updates.

else if(current.active == true && current.operation() == 'update'){

insertMetrics();

}

function insertMetrics() {

var mi= new GlideRecord('metric_instance');

//sys id of the metric definition

var metricSysID = '3c9eb5770f4a9600c2498f8ce1050ea5';

mi.initialize();

mi.definition = metricSysID;

mi.start = previous.sys_updated_on;

mi.end = gs.nowDateTime();

mi.duration = gs.dateDiff(mi.start, mi.end);

mi.id = current.sys_id;

mi.value = gs.getUser().name;

mi.calculation_complete = true;

mi.insert();

}

gs.log('Metric trigger');

Step 4: (last one) Build a report of the newly captured data. (Doesn't not work on existing data, just new data after this is implemented

It might seem like a lot but screen shots are better than a bunch of words!

I use this all the time.

View solution in original post

Michael Fry1 · ‎11-28-2016

You would modify the script and add before mi.insert();

mi.newfieldname = previous.assignment_group;

in the Condition of the business rule: previous.assignment_group == x && current.assignment_group == y - where x & y are the sys_ids of the 2 assignment groups

learnow · ‎11-28-2016

Hello Michael,

Thanks for your respond, but it seems really hard to me to understand now. Can You please just screenshot and show it?

Thanks for your help!

Michael Fry1 · ‎11-28-2016

Sure thing . . .

learnow · ‎11-28-2016

Thanks Michael,

I understand . But it seems my questions are endless I have a new question, in this case I mean instead of x and y if i will add sys_id of the groups then it will show me only changes between of 2 group? right? But I need to define all escalated groups. Does it work for all of them?

Thanks and Regards

Michael Fry1 · ‎11-28-2016

No problem . . . I thought your original request was just to capture metric for changes between 2 groups. Didn't realize it was more than 2. Just remove the condition I added and it will capture all changes.