Skip to main content
Skip table of contents

Viewing the Discovery Audit Index

The Discovery Search Audit Index (discovery-audit) contains records of actions and updates made by users. Typical data written to this index includes user identity, document identity, document index, and date/time.

User actions (and pertinent data) that are recorded include:

  • Reporting a document (report reason)

  • Updating Tags (tags currently on a document, added to a document, removed from a document)

Use the Discover page in the Visualizer to look at an index’s raw data. To access the data you will need to set up an index pattern first.

Creating an Index Pattern

  1. Open Visualizer

  2. Select Management from the side menu

  3. Select Index Patterns

  4. Click Create index pattern

  5. Search for the index you want to view (for example, discovery-audit) and enter it in the Index pattern field

  6. Click Next step

  7. In step 2, select "I don't want to use the Time Filter" from the Time Filter field name dropdown

  8. Click Create index pattern

Now you can view the index data!

Viewing raw index data

  1. In the Visualizer, select Discover from the side menu

  2. In the top-left corner, click the down arrow to see the available indices

  3. Select the index you want to view (for example, discovery-audit)

  4. Drill down into records by selecting a field from the left side

  5. You can also enter simple query structures in Search (for example, user:DOMAIN/bsmith AND documentName:Acme Purchase Order)

  6. Select which format you wish to view the data in

    1. Table

    2. JSON

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.