Log Current Value with DialogWatchProperty

Using v8.1.1. I've got Splunk that wants to consume the historical data of One Identity. I've got a bunch of watched properties and they're logging into DialogWatchProperty and DialogWatchOperation but my problem is that the current value of an attribute isn't stored in DialogWatchProperty when a change is made, only the old value. This means I have to do something custom for the Splunk agent to get the data it wants. Any ideas about approach to doing this?

Parents
  • I ended up writing a mammoth query that has CASE WHEN THEN statements for each possible table and column that appears in the DialogWatch tables and joining to every table that is logged and feeding all that into one attribute.

Reply
  • I ended up writing a mammoth query that has CASE WHEN THEN statements for each possible table and column that appears in the DialogWatch tables and joining to every table that is logged and feeding all that into one attribute.

Children
No Data