Audit Search Criteria

The search fields are inclusive or "AND" type searches. Only actions matching values specified in all fields are included in the search results.

To limit the search results, use search criteria. If you do not type information or make a selection in a search criteria field, all possible choices are included. For example, if you do not provide a type in the Type field, events with any action type are included.

Specify the search criteria and columns to display and click Run Search to display the search results. From the search results page, you can review the results of your search and save the search. See Search Results.

The Audit Search tab has the following information:

Criteria	Description
Saved Searches:
Search Name	The names of past searches that you saved to reuse at a later time. These Saved Searches are only available for your use. To make searches available to users with Report access, save the search as a report.
Loaded Saved Search:
The name and description of your current saved query.
Run Search	Run the search with the criteria displayed on the current page. If you have modified the criteria of the Loaded Saved Search, the modified criteria is used for the search.
Clear Search	Unload the Loaded Saved Search and clear all query options.
Delete Search	Delete the specified Loaded Saved Query.
Audit Attributes:
Action	The action that was performed, for example, login, delete or signoff.
Source	The string that identifies the source of the event. The source is generally the name of an Identity object. The source can also be a less specific name such as, "scheduler" or "system." When the event occurs during an interactive session with the IdentityIQ Web application, identity names are used. When background tasks or anonymous requests are not run for a specific identity, abstract names are used.
Application	Type manually or use the dropdown list to select an audited application.
Instance	Type manually or use the dropdown list to select an instance of a specified audited application.
Attribute Name	Type manually or use the dropdown list to select an audited attribute name.
Attribute Value	Type manually or use the dropdown list to select a value of a specific audited attribute.
Target	The object that was acted upon. For example, a machine name for a login or a file name for a create action.
Account Name	Type manually or use the dropdown list to select an audited account name.
Filter by Date:
Start Date	Include information on events that occurred on or after this date in the search results. You can type the date manually or click the [...] icon to select a date from the calendar.
End Date	Include information on events that occurred on or before this date in the search results. You can type the date manually or click the [...] icon to select a date from the calendar.
Fields to Display	Specify the information displayed on the Audit Search Results page associated with this search. Each field defines a column on the results table. You must select at least one field to display on the results page.