To view audit logs for files and folders

1. From the Workspace navigate to the Data Sources list-view.

2. Expand a filer or Web application to display a list of configured shares or site collections. Or expand a share or site collection to view the folders, sites, document libraries, or picture libraries present within the share or the site collection.
3. Click a folder. The Summary panel populates to display additional details.
4. ClickExpand Profile on the Summary panel to display the underlying folder-centric views.

   By default, the Overview tab displays the a summary of the selected data repository.

5. Click Audit Logs. Or right-click the file or folder and select Audit Logs.
6. Apply the time filter for which you want to view the user activity on a specific file or folder.
7. Select Include sub-folders, if you want to view activity logs for the subfolders that are contained in the selected folder.
8. Click Go.

   The Access Pattern Map appears, which provides details about the users who have accessed that file or folder and the count of read and write user events on it. The option Include events on files before rename includes all events, including those before the Rename audit event was received for the file.

9. The audit logs provide the following information:

   • The name of the user who generated the event.

     In case of an Permission Change event, Data Insight displays the name of a fictitious user. You can view the details of the event in the Other Info column, however the name of the user is displayed as _DI_PERMCHG_DUMMY_USER_.

     See About audit logs.

   • The name of the file that is accessed.

   • The path of the file.

   • The type of access event.

     In case of a folder on a SharePoint site, the SharePoint access type such as checkout, view, check in, write, update, delete, and move to Data Insight meta access types - Read, Write, Create, Delete, and Rename.

     Permission Change events are represented by the access type - PERMCHANGE.

   • The type of file

   • The access count

   • The IP address of the computer from which the file was accessed.

     Currently, you cannot view the IP address of the computer from which the file was accessed for Windows File Servers, VxFS filers, and SharePoint sites.

     In case of an Permission Change event, the IP address is displayed as 0.0.0.0.

   • The start and end time for the time window in which the event occurred.

10. Click the Export icon at the bottom of the page to save the data to a .csv file.
11. Click the drop-down arrow on any column header and select Columns. Then, select the parameters you want to show or hide in the Access Pattern table.

To filter the audit logs

1. To further filter the logs, do one of the following:

   • Select adjacent cells in the Access Pattern Map, right-click, and select View Audit Logs.

   • To view all accesses for the day, click on the column header of the Access Pattern Map.

   • To view all accesses of a user, click on the row header of that user.

   You can control-click to select multiple adjacent cells in the Access Pattern Map.

2. You can choose to filter the audit logs further using one or all of the following criteria:

   • The period for which you want to view the audit logs.

   • The start and the end date for which you want to view events.

   • The type of access.

     Data Insight maps all SharePoint access types such as checkout, view, check in, write, update, delete, and move to Data Insight meta access types - Read, Write, Create, Delete, and Rename.

     You can enter multiple comma-separated values.

3. Enter the filter criteria in the relevant fields and click Go.