Table: servicenow_sys_audit - Query ServiceNow System Audit using SQL
ServiceNow System Audit is a feature that tracks changes made to records within the ServiceNow platform. It provides a comprehensive view of modifications, including what was changed, who made the change, and when the change was made. This feature is essential for maintaining data integrity and accountability within ServiceNow.
Table Usage Guide
The servicenow_sys_audit
table provides insights into the audit records within ServiceNow System Audit. As a system administrator or compliance officer, explore audit-specific details through this table, including the type of changes, the individual responsible for the change, and the timestamp of the change. Utilize it to maintain accountability, ensure data integrity, and conduct forensic analysis when necessary.
Examples
What are the most frequent changes made in the table?
Analyze the most common modifications made within a system to understand recurring patterns and trends. This can help in identifying areas that require frequent updates, indicating potential areas for system optimization or process improvement.
select tablename, fieldname, count(*) as countfrom servicenow_sys_auditgroup by tablename, fieldnameorder by count desclimit 10;
select tablename, fieldname, count(*) as countfrom servicenow_sys_auditgroup by tablename, fieldnameorder by count desclimit 10;
What are the most recent changes?
Uncover the details of the most recent modifications in your ServiceNow environment. This allows you to maintain an up-to-date understanding of changes, aiding in system management and troubleshooting.
select *from servicenow_sys_auditorder by sys_created_on desclimit 10;
select *from servicenow_sys_auditorder by sys_created_on desclimit 10;
Which user made the most changes?
Identify the user who has made the highest number of changes. This is useful for auditing purposes or to reward the most active contributors.
select sys_created_by, count(*) as countfrom servicenow_sys_auditgroup by sys_created_byorder by count desclimit 10;
select sys_created_by, count(*) as countfrom servicenow_sys_auditgroup by sys_created_byorder by count desclimit 10;
How many records were modified on a specific date?
Explore the number of modifications made on a particular day. This can be useful in understanding the volume of changes in your system for specific dates, which can help with tracking activity and identifying potential anomalies.
select count(*) as countfrom servicenow_sys_auditwhere sys_created_on :: date = '2023-05-04' :: date;
select count(*) as countfrom servicenow_sys_auditwhere date(sys_created_on) = '2023-05-04';
What are the changes made by a specific user?
Discover the modifications made by a particular individual. This is useful to track user activity and maintain accountability within your system.
select *from servicenow_sys_auditwhere sys_created_by = 'JohnDoe'order by sys_created_on desclimit 10;
select *from servicenow_sys_auditwhere sys_created_by = 'JohnDoe'order by sys_created_on desclimit 10;
Schema for servicenow_sys_audit
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
documentkey | text | Key of the audited document or record. | |
fieldname | text | Name of the field that was audited. | |
internal_checkpoint | text | Checkpoint value used for internal tracking. | |
newvalue | text | New value of the audited field. | |
oldvalue | text | Old value of the audited field. | |
reason | text | Reason or description for the change. | |
record_checkpoint | bigint | Checkpoint value for the audited record. | |
sys_created_by | text | User who created the audit record. | |
sys_created_on | timestamp with time zone | Date and time when the audit record was created. | |
sys_id | text | Unique system identifier for the audit record. | |
tablename | text | Name of the table that was audited. | |
user | text | User associated with the audit record. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- servicenow
You can pass the configuration to the command with the --config
argument:
steampipe_export_servicenow --config '<your_config>' servicenow_sys_audit