Hello Team,
I’d like to create a Search query, that will return me all identities that had LifeCicleState change from active to inactive within last 7 day.
I figured out there is an event for this: IdentityStateChange
So, i imagine search query something like this:
@IdentityStateChange(info:“newState:inactive previousState:active”): [now-7D TO now]
This gives me error - Invalid search query.
Any tips, suggestion here 
Thank you in advance,
Regards,
Aleksandra
Hi @karapuuzina,
You can try this one and see if it helps :
attributes.oldState:“active” AND attributes.attributeValue:“inactive” AND created: [now-7d TO now]
Here is an updated one too :
name:“Change Identity State Passed” AND attributes.oldState:“active” AND attributes.newState:“inactive” AND created: [now-7d TO now]
Do you want events or identities as with this scenarios you need to filter events rather an identites
try FilterString as below, let me know if this works:
public static Date generateDate(int daysToSet) {
Calendar cal = Calendar.getInstance();
cal.setTime(new Date());
if (daysToSet != 0) {
cal.add(Calendar.DAY_OF_YEAR, daysToSet);
}
return (cal.getTime());
}
String summaryMessage = "";
String status = "Completed";
int completionCount = 0;
int startDaysInPast=(-7);
QueryOptions qo = new QueryOptions();
List filters = new ArrayList();
Filter.add(Filter.eq("action","IdentityStateChange"));
filters.add(Filter.ge("created", generateDate( startDaysInPast )));
Filter f=Filter.and(filters);
qo.addFilter( f );
Iterator it = context.search(AuditEvent.class, options);
while (it.hasNext()) {
// logic
}
sailpoint.tools.Util.flushIterator(it);
}
@dheerajk27 this solution how this will work in identity now can you tell me? may work in iiq
Hi @karapuuzina
can you please try this query and check:
@IdentityStateChange AND info:“newState:inactive previousState:active” AND timestamp:[now-7d TO now]
HI @schattopadhy , it was my bad, i though this question was for IIQ.
Hello, thank you for reply, but this doesn’t return any results, even if i remove the timestamp…
attributes.oldState:“active” AND attributes.attributeValue:“inactive” AND created: [now-7d TO now] - this works great, but indeed as someone mentioned in this thread it would be perfect if i can actually get identities. Any ideas on that?
You are right, indeed getting identities would be much more preferred. I was looking into doing this with “Seach” functionality, because i can subscribe for “Search” and get weekly reports.
If there is any other option for this i will be glad to know
Hi @karapuuzina,
I don’t think you can use search on Identities as these LCS changes are event based.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.