auditlog info (audit log information summary)

The auditlog info command adds a JSON count information file to the audit log files. Times are in yyyyMMddHHmmss format. If no specific timeframe is specified, the default is the current day's start date and the time you issue the auditlog info command. This command provides multiple filtering options for the data returned. You direct the JSON count file to an output directory of your choice.


auditlog info --n fieldName --s startTime --e endTime --f filterBy --fw filterByWild --fa filterByAdditional --ob orderBy --a ascending --odirectory
No--n fieldNameSpecifies the name of the field to include on the auditlog info returned. You can specify more than one field name. For example, "username" and "value" are companion fields, so you may want to include both in your results.
No--s startTimeSpecifies start time and start date for audit logging. The date format is: yyyyMMddHHmmss.
No--e endTimeSpecifies end time and end date for audit logging. The date format is: yyyyMMddHHmmss.
No--f filterBySpecifies a specific entity to use as a results filter. For example, "username:system."
No--fw filterByWildAllows you to use the asterisk (*) character to filter the information returned. For example, to search for an object ID containing the string "info," specify objectID:*info.
No--fa filterByAdditionalSpecifies an additional value to use in filtering the information returned. For example, you could use a specific date to restrict the returned information to a calendar day.
No--ob orderByTypeAllows you to order the returned information by "loglevel" or "timestamp." The default ordering is by time stamp.
No--a ascendingShows Boolean results in ascending order. The default ordering is true then false if this filter is not specified.
No--o directorySpecifies the output directory for the auditlog information.


This example asks to return results for a 24-hour timebox, for an admin-level user, ordered from earliest event to latest event, sending the results to a directory named c:\Precisely\auditlog_info\results.

auditlog info --s 20191231000000 --e 20200101000000 --f userlevel:admin --ob timestamp --o c:\Precisely\auditlog_info\results