Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello everyone -
QlikView Governance Dashboard 2.0.4 was just released and is available on the download site. Wahoo!
See: QlikView 12.10 Service Release 8 and QlikView Governance Dashboard 2.0.4 now available
It includes several bug fixes which should improve all of our lives.
Enjoy!
Tyler
Honestly, I would just remove the session and audit log files for the days when you did the penetration test. But that's a bit of a hack.
You can certainly go in the load script (it's no longer hidden) and just exclude data with something like
Where not ActiveUserId='user_name_for_testing'
The trick will be to make sure you have the correct form of user Id to match the field. For example
Doman\User
vs
User
vs
DOMAIN\User
etc.
I'd quite like to keep the other users' activity, so I think I'll try to edit the load script. Which tables do you think I need to amend?
In the Sessions tab of script, add to the WHERE statement -- something like AND upper([Authenticated user]) <> 'TEST_DOMAIN\TESTER'
SUB Sessions (fname)
// Let tmp_node = $(fnode(Evaluate('$(fname)'))); // Node name from filename, as defined on variables tab of loadscript
Concatenate (Sessions)
Load
RecNo() as SessionsEntry,
'$(fname)' as SessionsFileName, // For incremental loading of Sessions
'$(fname)' & RecNo() as _SessionId, // For incremental loading of sessionheatmap
makedate(year([Session Start]),month([Session Start]),day([Session Start])) as SessionDate,
num(makedate(year([Session Start]),month([Session Start]),day([Session Start]))) as SessionDateNum,
1 as Session_Start_Count,
hour([Session Start]) as SessionHour,
[Cal Type] as Cal_Type,
if(len([Authenticated user])>0,lower([Authenticated user]),'Anonymous') as Authenticated_User,
Selections as SessionSelections,
Calls as SessionCalls,
[Bytes Sent] as Bytes_Sent,
[Bytes Received] as Bytes_Received,
[CPU spent (s)] as CPU_spent__s_,
[Session Duration] as Session_Duration,
$(SessionStart_field) as Session_Start,
$(Timestamp_field) as SessionTimestamp,
[Exe Version] as SessionExeVersion,
[Exe Type] as SessionExeType,
lower(replace(Document,'/','\')) as Sessions_FileName,
LOWER(SubField(replace(Document,'/','\'),'\',-1)) as DocName,
SubField(replace(Document,'/','\'),'\',-1) as DocName_Sessions,
$(DocumentTimestamp_field) as Document_Timestamp,
[Exit Reason] as Exit_Reason,
([Exit Reason]='Server shutting down')*-1 as [Session Lost to Server Restart],
[Client machine identification] as Client_machine_identification,
[Serial number] as Serial_number,
[Client Type] as Client_Type,
[Secure Protocol] as Secure_Protocol,
[Tunnel Protocol] as Tunnel_Protocol,
[Server Port] as Server_Port,
[Client Address] as Client_Address,
[Client Port] as Client_Port,
'$(tmp_node)'&'|' & round(num($(Timestamp_field)),0.001) as Node_TS
FROM '$(fname)' (txt, utf8, embedded labels, delimiter is '\t', msq)
WHERE NOT EXISTS(_SessionId,'$(fname)' & RecNo())
<<ADD HERE>>
;
ENDSUB