Using custom audit aging

For additional flexibility to manage audit data, the custom audit aging mechanism is used to contrive the configuration of TTL and limit audit event count which is based on entity or audit action type.

Custom audit aging encompasses both default aging and Sweep out options available throughout the audit data ecosystem.

Supported custom aging configurations

  • atlas.audit.custom.ageout.count=20
  • atlas.audit.custom.ageout.ttl.in.days=30
  • atlas.audit.custom.ageout.entity.types=<List of entity types>
  • atlas.audit.custom.ageout.action.types=<List of audit action types>

Using these configurations, Atlas limits (with audit count) or age-out (with TTL) audit data for the configured entity and audit action types.

Custom audit aging configurations are categorized using the following use cases:

Actions by Description
Entity Type

Example: Limit to five latest audits for hive_column.

atlas.audit.custom.ageout.count=5

atlas.audit.custom.ageout.entity.types=hive_column

By Action Type

Example: Delete all ENTITY_UPDATE audit events older than ten days.

atlas.audit.custom.ageout.ttl.in.days=10

atlas.audit.custom.ageout.action.types=ENTITY_UPDATE

Limited audit by Action type for specific entity type

Example: Limit to five latest ENTITY_UPDATE audits for hive_storagedesc entities.

  • atlas.audit.custom.ageout.count=5
  • atlas.audit.custom.ageout.entity.types=hive_storagedesc
  • atlas.audit.custom.ageout.action.types=ENTITY_UPDATE

Example: Limit to five latest audits created in the last 1 week for hive_db entities

  • atlas.audit.custom.ageout.count=5
  • atlas.audit.custom.ageout.ttl.in.days=7
  • atlas.audit.custom.ageout.entity.types=hive_db