Hi,
Im using Sentinel 7 but I think that SLM works at the same way.
I have an IDM workflow with tree forms: request, approval1 and approval2. I need show all the history based on my activities, ie:
Activity0: requested by user1, date, request text;
Activity1: approved by user2, date, approval text;
Activity2: approved by user3, date, approval text.
My query needs to be like:
But this not work. There is a way to do this?
I need also to use two or more queries. As IDM logs only the CN and DN and I need to search by Full Name, EmployeeID and so on, Im thinking to develop a JDBC driver and extend the SIEM database schema, but first I will need to search the database to convert search fields in CN information (ie: Full Name in CN) and then use this result as parameter in a new search. Is that possible?
I thought to create a final log action that summarizes everything but this brings me other problems with search and status (reports will not show running workflows).
Im using Sentinel 7 but I think that SLM works at the same way.
I have an IDM workflow with tree forms: request, approval1 and approval2. I need show all the history based on my activities, ie:
Activity0: requested by user1, date, request text;
Activity1: approved by user2, date, approval text;
Activity2: approved by user3, date, approval text.
My query needs to be like:
Code:
SELECT
msg as message
WHERE
evtgrpid: (SELECT evtgrpid WHERE (evt:("User Message \: Activity") AND msg:requester*) OR (evt:("User Message \: Activity1") AND msg:approver1*) OR (evt:("User Message \: Activity2") AND msg:approver2*)
GROUP BY msgI need also to use two or more queries. As IDM logs only the CN and DN and I need to search by Full Name, EmployeeID and so on, Im thinking to develop a JDBC driver and extend the SIEM database schema, but first I will need to search the database to convert search fields in CN information (ie: Full Name in CN) and then use this result as parameter in a new search. Is that possible?
I thought to create a final log action that summarizes everything but this brings me other problems with search and status (reports will not show running workflows).