question Re: How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ? in Archives of Support Questions (Read Only) https://community.cloudera.com/t5/Archives-of-Support-Questions/How-can-I-get-the-ranger-audits-from-solr-Ambari-Infra-using/m-p/218848#M64052 <P><A rel="user" href="https://community.cloudera.com/users/16909/pdegave.html" nodeid="16909">@Pankaj Degave</A> </P><P> You can use the below call to get only the required fields mentioned in Ranger UI. </P><PRE>curl -o ranger.query --negotiate -u : -X GET "http://&lt;ambari-infra-solr-instance-hostname&gt;:8886/solr/ranger_audits_shard1_replica1/select?q=*%3A*&amp;fq=evtTime%3A%5B2017-06-11T10%3A44%3A00Z+TO+NOW%5D&amp;fl=policy,evtTime,reqUser,repo,resource,resype,access,result,enforcer,cliIP,cluster,event_count&amp;sort=evtTime+desc&amp;start=0&amp;rows=307600&amp;wt=csv&amp;version=2" </PRE><P> Depending on what all logs you want to pull adjust the evtTime, the above query pulls all the audit records, change the evtTime to the timestamp of the first record in ranger.</P> Fri, 30 Jun 2017 17:09:52 GMT krajguru 2017-06-30T17:09:52Z How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ? https://community.cloudera.com/t5/Archives-of-Support-Questions/How-can-I-get-the-ranger-audits-from-solr-Ambari-Infra-using/m-p/218847#M64051 Fri, 30 Jun 2017 17:06:04 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-can-I-get-the-ranger-audits-from-solr-Ambari-Infra-using/m-p/218847#M64051 pdegave 2017-06-30T17:06:04Z Re: How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ? https://community.cloudera.com/t5/Archives-of-Support-Questions/How-can-I-get-the-ranger-audits-from-solr-Ambari-Infra-using/m-p/218848#M64052 <P><A rel="user" href="https://community.cloudera.com/users/16909/pdegave.html" nodeid="16909">@Pankaj Degave</A> </P><P> You can use the below call to get only the required fields mentioned in Ranger UI. </P><PRE>curl -o ranger.query --negotiate -u : -X GET "http://&lt;ambari-infra-solr-instance-hostname&gt;:8886/solr/ranger_audits_shard1_replica1/select?q=*%3A*&amp;fq=evtTime%3A%5B2017-06-11T10%3A44%3A00Z+TO+NOW%5D&amp;fl=policy,evtTime,reqUser,repo,resource,resype,access,result,enforcer,cliIP,cluster,event_count&amp;sort=evtTime+desc&amp;start=0&amp;rows=307600&amp;wt=csv&amp;version=2" </PRE><P> Depending on what all logs you want to pull adjust the evtTime, the above query pulls all the audit records, change the evtTime to the timestamp of the first record in ranger.</P> Fri, 30 Jun 2017 17:09:52 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-can-I-get-the-ranger-audits-from-solr-Ambari-Infra-using/m-p/218848#M64052 krajguru 2017-06-30T17:09:52Z