Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger SOLR Access log to only contain activity of specific users

Highlighted

Ranger SOLR Access log to only contain activity of specific users

Explorer

We would like to use ranger audit to HIVE to track HIVE View user activity alone. Currently when I enable Ranger Plug in for Hive it logs activity of all Hive users. Predominantly, I see the access log of edge node user the most since thats used to run the scheduled jobs.We have around 20 HIVE View users and it becomes difficult for me to add each of these users in filter to get their results. Here is what I am thinking.Either of these options will help me:

1. Can I modify the solr query to isolate the edge node user?

2. Can I filter the results by saying "User <> edgenodeuser"

3. Can I create a custom ranger audit report. But how?

Thanks,

Abhi

3 REPLIES 3
Highlighted

Re: Ranger SOLR Access log to only contain activity of specific users

You can probably use /service/access/accessAudit api. Please note the parameter requestUser.

For example...

curl -k -i --header "Accept:application/json" -H "Content-Type: application/json" --user admin:admin -X GET "http://localhost:6080/service/assets/accessAudit?page=0&pageSize=25&startIndex=0&sortBy=eventTime&startDate=04%2F27%2F2018&requestUser=hive"

Highlighted

Re: Ranger SOLR Access log to only contain activity of specific users

Explorer

Thanks @vperiasamy for your input. I have some questions:

1. how do I pass a condition like requestUser<>hive, so it gives me information of all other user except hive.

2. This being in JASON format, I assume I may have to pass it to a visualization tool to make it presentable. Right?

3. Is there a provision within Ranger where I can embed this so I can see it like a dashboard.

Re: Ranger SOLR Access log to only contain activity of specific users

@Abhilash Chandra

1. requestUser is a query parameter for the rest call, so there is no way to pass "<>". You would have to script from your end to see data for users you are interested in.

2. Yes, Ranger provides data in JSON format. You can present it as you like outside of Ranger.

3. From within Ranger UI, you should be able to use Access Audit tab to apply these filters on audit data.

Don't have an account?
Coming from Hortonworks? Activate your account here