Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ?

Solved Go to solution

How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ?

pdegave
Explorer

Created ‎06-30-2017 10:06 AM

 
Reply
649 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ?

krajguru
Rising Star

Created ‎06-30-2017 10:09 AM

@Pankaj Degave

You can use the below call to get only the required fields mentioned in Ranger UI. 

curl -o ranger.query --negotiate -u : -X GET "http://<ambari-infra-solr-instance-hostname>:8886/solr/ranger_audits_shard1_replica1/select?q=*%3A*&fq=evtTime%3A%5B2017-06-11T10%3A44%3A00Z+TO+NOW%5D&fl=policy,evtTime,reqUser,repo,resource,resype,access,result,enforcer,cliIP,cluster,event_count&sort=evtTime+desc&start=0&rows=307600&wt=csv&version=2"

Depending on what all logs you want to pull adjust the evtTime, the above query pulls all the audit records, change the evtTime to the timestamp of the first record in ranger.

View solution in original post

Reply
240 Views
1 REPLY 1
Highlighted

Re: How can I get the ranger audits from solr (Ambari Infra) using a curl call, in the similar format as ranger, my cluster is kerberised ?

krajguru
Rising Star

Created ‎06-30-2017 10:09 AM

@Pankaj Degave

You can use the below call to get only the required fields mentioned in Ranger UI. 

curl -o ranger.query --negotiate -u : -X GET "http://<ambari-infra-solr-instance-hostname>:8886/solr/ranger_audits_shard1_replica1/select?q=*%3A*&fq=evtTime%3A%5B2017-06-11T10%3A44%3A00Z+TO+NOW%5D&fl=policy,evtTime,reqUser,repo,resource,resype,access,result,enforcer,cliIP,cluster,event_count&sort=evtTime+desc&start=0&rows=307600&wt=csv&version=2"

Depending on what all logs you want to pull adjust the evtTime, the above query pulls all the audit records, change the evtTime to the timestamp of the first record in ranger.

View solution in original post

Reply
241 Views
Don't have an account?
Register
Coming from Hortonworks? Activate your account here