BigData Intelligence Instance domain

This domain contains traffic data collected by the inspection engines every time a request is sent to a monitored server. It includes all client/server, session, SQL, and access-period data. This topic describes the domain's entities and attributes.

Available to roles: all.

This domain is available in Guardium systems that have a defined datasource of type GBDI.

BigData Intelligence Instance Entity

| Attribute | Description |
| --- | --- |
| Access Rule Description | Description from the access policy rule definition. |
| Analyzed Client IP | Applies only to encrypted traffic; when set, client IP is set to zeroes. Analyzed Client IP has a map for CEF source. If the query used for the CEF does NOT contain the Client IP but contains the Analyzed Client IP, the Analyzed Client IP is used for the source. If both are included in the query, Client IP takes precedence. |
| App User Name | Unique identifier for this App User Name entity. |
| Application Event ID | Unique identifier for this application events entity. |
| Average Execution Time | The average command execution time during the period. This is for SQL statements only. It does not apply to FTP traffic. |
| Client Host Name | Client host name. |
| Construct Id | Uniquely identifies the construct in which the object is referenced. |
| Database Name | Name of the database for the session (MSSQL or Sybase only). For Oracle, Database Name may contain additional, application-specific information, such as the currently executing module for a session that has been set in the MODULE column of the V$SESSION view. |
| DB User Name | User that connected to the database, either local or remote. |
| Failed Sqls | The number of failed SQL requests. Appears only when the main entity for the query permits this level of detail. Not available if either Client/Server or Session is the main entity. |
| Guardium Appliance | Host name of the collector that reported this data. |
| Instance ID | Unique identifier for the instance of a construct or SQL instance. Only available to users with the admin role. |
| Network Protocol | Network protocol used (for example, TCP or UDP). For K-TAP on Oracle, this displays as either IPC or BEQ. |
| Objects and Verbs | Name of the object and SQL verb tuples, separated by semicolons. |
| Original SQL | Original SQL sent by the user. |
| OS User | OS user account for the interaction. |
| Period Start | Period start attribute. |
| Period Start Date | Date only from the period start attribute. |
| Server Host Name | Server host name. |
| Server IP | Server IP address. |
| Server Port | Server port number. |
| Server Type | For example: DB2, Oracle, Sybase... |
| Service Name | Service name for the interaction. In some cases (AIX shared memory connections, for example), the service name is an alias that is used until the actual service is connected. In those cases, once the actual service is connected, a new session is started, so what the user experiences as a single session is logged as two sessions. For Teradata, Service Name contains the session logical host id value. |
| Session Id | Uniquely identifies the session. Available only to users with the admin role. |
| Source Program | Source program for the interaction. |
| Successful Sqls | The number of successful SQL requests. Appears only when the main entity for the query permits this level of detail. Not available if either Client/Server or Session is the main entity. |
| Timestamp | Timestamp at which this record was created. |
| Timestamp Date | Date in the timestamp. |
| Total Records Affected | The total number of records affected. Appears only when the main entity for the query permits this level of detail. Not available if either Client/Server or Session is the main entity. |
| UTC Offset | The time difference between UTC time and the time of the collector that reported the data. |