Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Difference between "Ranger ranger_audits" and "LogSearch audit_logs" Solr collections

Difference between "Ranger ranger_audits" and "LogSearch audit_logs" Solr collections

What is the difference between these Solr collections?

  • Ranger: 'ranger_audits'
  • LogSearch: 'audit_logs'
2 REPLIES 2

Re: Difference between "Ranger ranger_audits" and "LogSearch audit_logs" Solr collections

Expert Contributor
@Sean Roberts

ranger_audits:- This is by Ranger plugins (hive,kafka etc) to stored the authorization audits [user,ip, resource, access/deny etc, timestamp etc] specific to authorization

Logsearch: audit_logs :- This is the collection where the logs of the service where the log_search is integrated. This is later used by logsearch UI to do analysis.

Re: Difference between "Ranger ranger_audits" and "LogSearch audit_logs" Solr collections

Logsearch stores logs in the collection "hadoop_logs". What does it store in "audit_logs" and is there an overlap with Ranger?

I don't see any documentation for logsearch explaining what is in each collection.

And what "solr_audit_logs_use_ranger" means in the logsearch config.

Don't have an account?
Coming from Hortonworks? Activate your account here