How to create a dashboard to show the number of searches submitted by each user and the method used to submit the search (API, UI, or Reporting).
In the GUI, searches initiated from both the Log Activity and Network Activity tabs can be seen in Manage Search Results. However, searches submitted through the API are not visible in this view.
For information about searches initiated through the API, users need to search the audit logs. This review can be done either in the CLI, by reviewing the /var/log/audit/audit.log* files, or in the GUI, by filtering on "Search Executed" events under the SIM Audit log source.
This technote shows how to create an AQL search and dashboard to show the number of searches each user submitted, grouped by the method used to submit the searches.
AQL query and creating the dashboard
Select "Ariel Username" AS 'User', "Ariel Source" AS 'Source', count(*) AS 'Total' from events where qid='28250254' group by User,Source last 15 MINUTES
Creating the dashboard:
- To create a dashboard from this AQL, use the steps in Adding search-based dashboard items to the Add Items list.
- Configure the dashboard with the steps documented in Configuring dashboard chart types.
- Under value to graph choose COUNT
- Under chart type, choose Time Series
- Check Capture Time Series Data
- Press save.
Interpreting the graph data
Note: For some apps, like QDI, it is expected behavior for the app to search frequently by using the API.
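As an added example (not part of the original technote), the following script summarizes a CSV export of the AQL search results per user and method, and lists accounts with heavy API search activity that are not on a list of expected apps. The column names are the aliases from the query above; the user names, the allowlist, the threshold, and the literal Source values (API, UI, Reporting) are assumptions for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: rows as exported from the AQL search above (columns are
# the query's aliases). User names and literal Source values are assumptions.
SAMPLE_CSV = """User,Source,Total
admin,UI,12
admin,API,3
qdi_app,API,240
jsmith,UI,5
jsmith,Reporting,2
svc_script,API,95
"""

# Hypothetical allowlist: accounts whose frequent API searching is expected
# (the technote names QDI as one such app).
EXPECTED_API_ACCOUNTS = {"qdi_app"}


def pivot_by_user(csv_text):
    """Return {user: {source: total}}, summing repeated user/source rows."""
    table = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = (row["User"] or "").strip() or "<unknown>"
        source = (row["Source"] or "").strip() or "<unknown>"
        table[user][source] += int(float(row["Total"]))
    return {u: dict(s) for u, s in table.items()}


def unexpected_api_users(table, threshold, expected=EXPECTED_API_ACCOUNTS):
    """Users not on the allowlist whose API search count reaches threshold."""
    hits = [(u, s.get("API", 0)) for u, s in table.items()
            if u not in expected and s.get("API", 0) >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    table = pivot_by_user(SAMPLE_CSV)
    for user, sources in sorted(table.items()):
        print(user, sources)
    print("review:", unexpected_api_users(table, threshold=50))
```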
27 September 2023