Add SystemID to Elastic provisioning-audit
Niek de Melker
Currently we can collect all provisioning audit logs from Elastic, but we miss the systemID in the document. This field is currently available in the "provisioning-source-import" bucket but love to also have this value in the "provisioning-audit" bucket.
The systemName is present but can change over time, so this could be a problem when grouping incidents, or even lookup incidents for a given system.
There is also a CorrelationID in this document, maybe these identifiers could be stored separately so these are actually usable for us to filter on, like the importID which seems to be in there.
Twan Duvigneau
Hi Rick van den Dijssel, we noticed that 'audit logging records system name is not correct (show the old value) when an system name is updated.' is in the release notes for the next release, is that related to this request? :)
R
Rick van den Dijssel
Twan Duvigneau: The issue of the updated system name not being used in new audit log records was already submitted before this request was sent. This was recognized as a problem and has been resolved in the November release of HelloID. However, the feature request to add the SystemID to the audit log records for target system actions is still open.
Niek de Melker
just found out that after renaming a system, the retry actions log events use the old system name, making this way more inconvenient to group incidents on.
Twan Duvigneau
Is would also be nice to see if the entries in the provisioning-audit were retries or not. That way we can create reports on recurring errors
R
Rick van den Dijssel
Hey Niek de Melker, thanks for your feedback! I have a few more questions for you:
- Can you provide more context on how the absence of the SystemID in the 'provisioning-audit' bucket is affecting your current operations?
- Could you elaborate on the specific use cases where you would need to filter on the SystemID and CorrelationID?
- Are there any specific incidents or scenarios where the changing systemName has caused issues in grouping or looking up incidents?
Niek de Melker
Rick van den Dijssel Hi Rick,
We have a monitoring tool which manages incidents and issues. This tries to collect information of the last scheduled run and put some magic flaire on it to provide out customers with better support and logging. This system breaks if the refference (now the name of the system) changes, and we have to fix it manually.
I don’t need to filter on the systemId, i need to tag it in my custom monitoring.
What i do need to filter on is the importId, but this works by wildcard matching the CorrelationId. It would be nice if this was an own property, but is no must for my needs.
Niek de Melker
Rick van den Dijssel Hi Rick,
I also would like counter the question, because if an sourcesystem is tagged in the logging there will be an system identifier, so why is this not the behavior for a target system?