This section describes the database tables, views, and functions of One Identity Safeguard for Privileged Sessions (SPS) that can be used in the custom queries of the Reporting > View & edit subchapters > Advanced statistics page. Generally, views contain a more organized dataset, while tables contain the raw data.
NOTE: The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions.
| Database table | Type | Description |
|---|---|---|
| alerting | table | The list of alerting events. For details, see The alerting table. |
| aps | table | [OBSOLETE] The list of Audit Player indexing services that are available for SPS. For details, see The aps table. |
| archives | table | Data about the archiving processes. For details, see The archives table. |
| audit_trail_downloads | table | Data about the audit trail downloads. For details, see The audit_trail_downloads table. |
| channels | table | Contains metadata about the channel-opening requests and opened channels. This is the main table storing data about the connections. For details, see The channels table. |
| closed_connection_audit_channels | view | This view returns all audited channels whose connection have been closed. For details, see The closed_connection_audit_channels view. |
| closed_not_indexed_audit_channels | view | This view returns all audited channels whose connection have been closed, but have not been indexed yet. For details, see The closed_not_indexed_audit_channels view. |
| connection_events | view | List of commands or window titles detected in the connections. For details, see The connection_events view. |
| connection_occurrences | view | Contains the tokens that are used as search keywords in Content subchapter reports (reports from audit-trail content) and where these tokens appear in the audit trails. For details, see The connection_occurrences view. |
| connections | view | A view containing data of the connections. This data is identical to the information available on the Search page. For details, see The connections view. |
| events | table | The commands or events extracted from the indexed audit trails. For details, see The events table. |
| file_xfer | table | Data about the files transfered in the audited connections (SCP, SFTP). For details, see The file_xfer table. |
| http_req_resp_pair | table | Information about the requests and responses in HTTP and HTTPS sessions. For details, see The http_req_resp_pair table. |
| indexer_jobs | table | Information and statistics about indexer jobs. For details, see The indexer_jobs table. |
| occurrences | table | Contains the tokens that are used as search keywords in Content subchapter reports (reports from audit-trail content) and where these tokens appear in the audit trails. For details, see The occurrences table. |
| progresses | table | [OBSOLETE] Which audit trail is assigned to which Audit Player for processing. For details, see The progresses table. |
| results | table | Contains the tokens that are used as search keywords in Content subchapter reports (reports from audit-trail content) and in which audit trails were these tokens found. For details, see The results table. |
| skipped_connections | table | List of errors encountered when processing audit trails. For details, see The skipped_connections table. |
| usermapped_channels | view | Information about sessions where usermapping was performed in the connection. For details, see The usermapped_channels view. |
To search the content of audit trails that were processed using indexing, you can use the lucene SQL function. For details, see Querying trail content with the lucene-search function.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
