DUE TO SPAM, SIGN-UP IS DISABLED. Goto Selfserve wiki signup and request an account.
...
| Audit to SOLR | Description | Sample Value | Data Type | Introduced in Version |
|---|---|---|---|---|
| id | Unique Id or Row id of audit log event | 85f0f6d7-2415-44e6-b277-6751d6c86ac7-3 | Number/String | 0.5 |
| policy version | Policy Version which is used in the authorization | numeric value | Number/String | 0.6 |
| result | Access result | 1(Allowed) or 0 (Denied) | Number | 0.5 |
| access | Access type of executed event | READ/WRITE/SELECT etc. | String | 0.5 |
| cliType | Client Type | HiveServer, HiveMetaStore | String | 0.6 |
| agent | plugin involved in authorization | hdfs, hiveserver2, hbase..etc | String | 0.5 |
| enforcer | Access enforcer | hadoop-acl/ranger-acl | String | 0.5 |
| sess | Session Id | 606b0764-7914-4f32-8343-04d8be6e5bd5 | String | 0.5 |
| cliIP | Ip address of machine from where event was performed | 10.0.0.1 | String | 0.5 |
| policy | Policy id of the resource on which access event was executed | 1 | Number | 0.5 |
| repo | Repository Name | hadoopdev | String | 0.5 |
| repoType | Repository Type | HDFS/HIVE/HBase | Number | 0.5 |
| reason | testdb/testtable/column1 | String | 0.5 | |
| evtTime | event request timestamp | 2016-10-12 6:11:45 | datetime | 0.5 |
| reqUser | user who requested the access | ranger | String | 0.5 |
| action | operation performed | QUERY/write | String | 0.6 onwards |
| resource | resource path | testdb/testtable/column1 | String | 0.5 |
| resType | Type of accessed resource | @column | String | 0.5 |
| seq_num | sequence number of audit log | 1 | Number | 0.5 |
| event_count | no of similar event executed in specific interval | 3 | Number | 0.5 |
| event_dur_ms | event execution time in ms | 10 | Number | 0.5 |
| tags | tag details associated with respective resource/policy | PCI | array[string] | 0.6 onwards |
| additional_info | additional informations are stored in this field. | like forwarded address, remote address etc. | Map<String,String> | 0.6 |
| cluster_name | cluster name where the request came from | Cluster 1 | String | 0.6 |
| zone_name | Zone name when zone policy authorized the request | String | 0.6 | |
| agentHost | hostname of agent | test-hbase-0710-1.openstacklocal | String | 0.5 |
| logType | Log Type | RangerAudit | String | 0.5 |
| _ttl_ | Time to live | +90DAYS | String | 0.5 |
| _expire_at_ | Expiry Time Stamp of Audit Event | 2017-02-12T11:39:44.839Z | String | 0.5 |
| _version_ | Version | 1550973492097187800 | Number | 0.5 |
...