Data Extract destination setup

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Which IIQ version are you inquiring about?

8.4 p1

Please share any other relevant files that may be required (for example, logs).

<YAMLConfig name="AuditEventTransformConfig" type="Transform">
  <YamlText>
      imageConfigDescriptors:
    
        auditEvent:
          objectClassName: sailpoint.object.AuditEvent
          imagePropertyConfigDescriptors:
            - property: id
            - property: action
            - property: created
            - property: source
            - property: target
            - property: status
    </YamlText>
</YAMLConfig>

<YAMLConfig name="AuditEventExtract" type="Extract">
  <YamlText> 
    
    extractedObjects:
      auditEvent:
    transformConfigurationName: AuditEventTransformConfig
    messageDestination: auditEventQueue
    
    </YamlText>
</YAMLConfig>

Share all details about your problem, including any error messages you may have received.

Hello all,

I’m working on setting up a Data Extract of AuditEvents. I’d like to ask if it’s possible (and how) to extract the data into a CSV file on a server (either SP host or shared drive). I could not find the information within the official documentation.

The above YAML configuration seems to work - I still need to add some filtering, but first I’d like to get it to a specific place.

Regards,

Adrian

2

Hi @AdrianBialorucki ,

looks like this question needs to go to ISC section/discussion. or are you looking for help in sailpoint identityiq ?

1 Like
3

Hi @AdrianBialorucki , Please specify your requirement with the name of the tool like IIQ / ISC as these have different capabilities.

1 Like
4

Hi @vinnysail

This regards SailPoint IIQ. Sorry for not mentioning that.

Thanks,

5

Hi @Jetendrakumar1991

This regards SailPoint IIQ. Sorry for not including that in the message.

Thanks,

6

Hi @AdrianBialorucki ,

Following my suggestions:

Steps:

  1. Log in to IdentityIQ: Access your IdentityIQ administrative console.

  2. Navigate to Report Creation:

    • Go to Setup (or “Global Settings” in older versions).

    • Click on Tasks.

    • On the Tasks page, you’ll see a list of existing tasks. Look for a button or link to “New Task” or “New Report”. Click that.

  3. Choose Report Type:

    • From the “Task Type” dropdown, select “Report”.

    • You’ll then need to choose a “Report Template”. For audit events, the most relevant template is usually “AuditEvent Report”. Select this.

  4. Configure Report Details:

    • Name: Give your report a meaningful name (e.g., “Daily Audit Events Export”).

    • Description: Briefly explain what the report does.

    • Report Parameters (Crucial for what you extract):

      • Selection Criteria: This is where you define which audit events you want.

        • Date Range: Specify a start and end date/time (e.g., “Last 24 Hours”, “Specific Date Range”). This is vital to avoid extracting millions of events every time.

        • Event Types: You can filter for specific events (e.g., “Login”, “PasswordChange”, “IdentityModified”, “AccessRequestApproved”). If left blank, it will include all.

        • Actor/Target: Filter by who performed the action or on what object the action was performed.

      • Columns: Choose which pieces of information from each audit event you want in your CSV. Common choices include: ID, Created Date, Event Name, Action, Target Name, Target Type, Actor Name, Actor Type, Application, Result, Comments.

    • Output Options :

      • Output Type: Select “CSV”.

      • File Path: This is where you tell IdentityIQ to save the CSV file.

        • If on the IIQ Host Server: Provide a full path like /opt/sailpoint/identityiq/data/audit_exports/audit_events.csv (for Linux) or C:\SailPoint\IdentityIQ\data\audit_exports\audit_events.csv (for Windows).

        • If on a Shared Drive: If your IIQ server has a network drive mapped or mounted, you can use that path directly (e.g., \\YourFileServer\ShareName\audit_exports\audit_events.csv for Windows shares, or /mnt/your_share/audit_exports/audit_events.csv for mounted Linux shares).

  5. Save the Report: Click “Save” to store your report configuration.

  6. Run or Schedule the Report:

    • Immediate Run: On the Report’s page, you can click “Execute” to run it right away for testing.

    • Scheduling: To automate this, go back to Setup > Tasks.

      • Find your newly created report task in the list.

      • Click on it to edit.

      • Go to the “Schedule” tab.

      • Set your desired schedule (e.g., “Daily”, “Weekly”, “Monthly”) and specify the time.

      • Save the task.

thanks

7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.