Events
- 08 Jan 2024
- 6 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
Events
- Updated on 08 Jan 2024
- 6 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The Events screen displays information related to audit events collected on SQL instances, if auditing has been enabled.
Enabling Auditing
To enable auditing, connect to the Support Portal and open a support ticket requesting the audit module to be enabled.
Enabling auditing provides the authorization to create a WISdom database and jobs to gather and store the audit data. The jobs will frequently collect the audit data and store the information in the WISdom database. The Data Collector periodically reads, transmits, and deletes the data. Provided the Data Collector can connect to a monitored instance, data will not build up in the WISdom database. If the Data Collector is not running or loses connection to an instance, the auditing information will still be collected by the jobs and stored in the WISdom database. The data will continue to be stored until the next successful connection to the monitored instance when the Data Collector will read, transmit, and delete the information.
The information displayed in the Events section is divided between 2 screens, either the Overview or the Details (see the sections below for specifics for either screen). Both are impacted by the drop-down filters and the selected time range, and the filter and time range will persist between screens (all filters are not available on both screens). There are multiple drop-down filters available for both the Overview and Details screen, that are additive and can be inclusive or exclusive. Additional information related to the drop-down filters may be found in the Navigation and Tools section of the User Guide.
To explore the Events information, you'll find two screens: Overview and Details (For more detailed information see the related sections below).
The Overview screen provides a summary of key event information.
The Details screen offers a more in-depth look at the events on a specific instance.
Both screens are customizable:
Refine your view using drop-down filters and a time range selector.
These choices persist between screens, ensuring a consistent view.
Not all filters are available on both screens, so explore to find the right fit for your needs.
For more guidance on using filters and navigating the interface, check out the Navigation and Tools section of the User Guide, specifically:
Drop-down Filters documentation
Choosing a Time Range documentation
The filter options available for the 2 screens are defined below:
Environment - Tags defined for each instance in the Instance - List section, like Production, Development, ... .
Instance - The name of the instance being monitored.
Database - Name of a database. The database name may include more than a single instance.
Weekday - Filters the display to the days selected (a day is midnight to midnight local browser time).
Time of Day - Allows the filtering by predefined 4-hour blocks of time.
Object Type - Displays the predefined Object Types that are audited. These Object Types have been logically according to the Event Type. (see the Event Type below for more information and link to Microsft documentation)
Event Type - Provides the Event Types to be filtered based on server level and database level Action Groups. More information can be found on the Microsoft Learn site with the SQL Server Audit Action Groups and Actions document.
Expand the Overview or Details for more information.
Overview
Overview screen
The Overview screen contains 3 areas that summarize the Events collected based on the selected filters and time range.
Audit By Charts
The top 2 charts display the total number of audit events broken down by the Day of Week and by the Time of Day (predefined 4-hour blocks), quickly displaying the day(s) and time(s) auditing events that are occurring.
Events Table
The Events table displays the count of the events that occurred by instance and, if applicable, by database, during the defined time range. If the Event is a database audit event, there could be several entries for a single instance, each with a different database.
The table has several functions available:
Each column is sortable with a click on the column header.
The Instance and Database data (when populated) may be clicked to provide a popup option to copy the data, add the select to the filter, or remove the selection from the filter.
A click on the SQL Statement value in the table causes a popup to display with the entire SQL Statement visible.
The magnifying glass in the upper right corner allows a search of the table. Click on the icon, and enter the search value.
The Group By allows the data to be grouped by Default (no grouping), Instance, Database, or SQL Statement.
The 3 vertical dots next to the Group By provide the option to export the data or view it in a full-screen pop-out.
The bottom right corner below the table provides the ability to navigate through the data pages. The number of pages is determined by the number of rows per page displayed, a configurable quantity (see the next line)
The bottom left corner below the table allows the choice of the number of rows displayed per page.
The options are 5, 10, 15, 25, 50, or 100. The default is 15.
Slicers
The Slicers are not always open by default, if they are not visible, click on the blue funnel icon in the upper right corner. The slicers will slide out from the right side of the screen. To hide the slicers, click on the blue bar labeled Slicers or the funnel icon and it will collapse down providing additional screen space. See the Slicers documentation for more functionality.
The slicers provide the total count of events by various categories consisting of Top Instances, Top Databases, Top Statements, and Top Audit Events.
Details
Details screen
The details screen will only show data if a single selection has been made in the drop-down Instance filter. Upon entry to the screen, if a selection has not been made, the message on the screen states an instance must be chosen to display data. The filter and time range may be directly modified on the screen without the need to navigate back to the Overview screen.
The screen displays the Event Details table that contains information about the events collected for the instance during the chosen time range.
The table contains 5 columns defined here:
Date - the date and time the event was recorded.
Instance - the name of the instance where the event was recorded.
Database - the name of the database where the event was recorded if the event was on the database object level.
Login - the name of the login that triggered the event. Not all events can collect the login information leaving some blank.
SQL Statement - the statement that triggered the event. If the statement is large, it will only display a portion of the full statement. Click on the statement to display a flyout with the full statement (statements greater than 10,000 characters may be truncated)
The table has several functions available:
Each column is sortable with a click on the column header.
The Instance and Database data (when populated) may be clicked to provide a popup option to copy the data, add the select to the filter, or remove the selection from the filter.
A click on the SQL Statement value in the table causes a popup to display with the entire SQL Statement visible.
The magnifying glass in the upper right corner allows a search of the table. Click on the icon, and enter the search value.
The 3 vertical dots next to the magnifying glass provide the option to export the data or view it in a full-screen pop-out.
The bottom right corner below the table provides the ability to navigate through the data pages. The number of pages is determined by the number of rows per page displayed, a configurable quantity (see the next line)
The bottom left corner below the table allows the choice of the number of rows displayed per page.
The options are 5, 10, 15, 25, 50, or 100. The default is 50
Was this article helpful?