Ranger Audit Logs

This page displays the audit logs for Hive. You can search logs, save your searches, and filter the logs by different time periods. You can also download the log data from this file.

To access the Ranger Audit Logs page, execute the following steps.

  1. Navigate to Logs in the left menu.
  2. Click the Ranger Audit tab.

Searching Ranger Audit Logs

You can search for audit logs associated services installed in your cluster. These logs are displayed within the timeline you select.

To search for audit logs, do the following.

  1. From the left panel, you can apply the following criteria for searching a log file.
    • Services: Displays the list of services used in the integrated applications. These services display the time stamp at which the associated logs were last captured at.
    • Filters: You can filter with the following criteria:
      • Host.name
      • resType
      • clilP

To search a host name or cmd from the available list, type the hostname or cmd in the respective search box. If the value exists, the list displays that value automatically.

  1. Click the search icon placed near the search text box at the top of the page. You can alternatively type your search query manually and click the search icon.

The query string accepts only boolean operators.
  • To refresh the panel, click the refresh icon.
  • To hide the panel, click Hide and to display the panel click Show.
  • Use and icons to display and hide the list of Services and Filters.
  • To search a host name or source from the available list, type the hostname or source in the respective search box. If the value exists, the list displays that value automatically.
  • To copy name of the Services and Filter, click the that appears next to the name when you hover over the name.

The filtered logs are displayed in the log details pane below the search bar.

Log Details Panel

The log details pane displays the following details of a log file.

Column NameDescription
TimestampThe date and time at which the log was captured.
Host NameThe host name from which the log was captured.
Resource TypeThe type of the resource on which the log was generated. This can be Table, database, column, or null.
Event TimeThe date and time when the event was recorded.
ResourceThe name of the resource on which the log was generated.
ComponentThe name of the component on which the log was generated.
ActionThe database action associated. This can be create, select or any.
Request DataThe nature of the information requested by the query. You can view the request query code.
Client TypeThe type of the client on which log was generated.
Client IPThe IP address of the client on which the log was generated.
Result
Agent HostThe agent host name from which the log was captured.
Cluster NameThe cluster on which the log was generated.
Log File PathThe path of the log file.

The logs are divided in the following severity levels:

  • Error
  • Info
  • Warn
  • Debug
  • Trace

Note You can click a label to view the log of that severity level.

Features

Grouping Logs

You can group the audit logs by Trace, Severity, or Host. Click the Group By drop-down label in the top left corner of the log details panel and select a grouping criteria.

Searching by Phrase

To search a word or phrase in a log, do the following.

  1. Click Highlight Text in the top-right corner of the Audit screen. A text box appears.
  2. You can input a string in the search box using either of the following ways.
    • Type the phrase or word in the text box and press the enter key.

Click the Match Phrase button to return results that contain the exact words of the string, in the order specified.
  1. Select and copy the text from the log window that you want to search, and paste it in the search box and press the enter key.
  2. The written or pasted text if found, is highlighted in the log messages. You can also search multiple phrases or words.

Saving a Search Query

To save a search query, do the following.

  1. Type the query in the search box and click the icon. A Save Search window appears.
  2. Type a name for the search query in the Name text box.
  3. Click Save.

The search query is saved.

Loading a Saved Query

To load a query from the search queries you saved, do the following.

  1. Click the Search button in the left side of the search box.
  2. From the available list of saved queries, click the query you want to load.

The query is loaded and associated logs are displayed.

Downloading Logs

To download the logs, click the icon in the top right corner of the table. The logs are downloaded in the .xlsx format.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Actions

For additional help, contact www.acceldata.force.com OR call our service desk +1 844 9433282

Copyright © 2025

On This Page
Ranger Audit LogsSearching Ranger Audit LogsLog Details PanelFeaturesGrouping LogsSearching by PhraseSaving a Search QueryLoading a Saved QueryDownloading Logs