Quick StartThe ReportMagic MenuReport StudioFilesSchedulesBatch JobsReport JobsDashboardsProfileAdminAccount DetailsGetting StartedAbout ReportMagicRegistering and Logging InReport LibrarySearching ReportMagicConnections and AgentsWriting ReportsStarting Out With Report StudioCreating Report TemplatesRMScriptMacro ShorthandReporting on Different Periods of TimeSetting Macro Parameter DefaultsStoring Input and Output FilesReport VariablesUsing Variable ParametersSpecifying How Graphs LookStep-by-Step LogicMonitor Graph ExamplesStep-by-Step Jira Graph ExamplesSpecifying How Tables LookChanging Fonts and ColorsUsing Macros in PowerPoint TemplatesRestricted MacrosGenerating Reports Using SchedulesUsing HTML Forms in SchedulesSeeing How Reports RanViewing ReportsCached ValuesUsing AggregationsAdvanced Report StudioAdvanced [Object.Graph:] MacroAPI AccessREST APIREST API - FilesAdvancedRole-Based Access Control (RBAC)SecurityMiscellaneousBadgesCertificationsTips, Tricks and Shortcut KeysMacrosAgentAgent.ConnectionAgent.ExecuteAgent.MonitorMagicNodeListAgent.MonitorMagicNodeMeasurementListAgent.MonitorMagicNodeMeasurementSummaryAgent.MonitorMagicNodePropertyListAgent.MonitorMagicNodeTypeListAgent.PropertyAgent.SqlAnalysisAgent.SqlGraphAgent.SqlListAgent.SqlTableAgent.SqlValueAgent.SqlValuesAgent.WebQueryAlertMagicAlertMagic.MetricsGraphAlertMagic.MetricsListAlertMagic.StatisticsAutoTaskAutoTask.AccountListAutoTask.AccountPropertyAutoTask.ConnectionAutoTask.CountAutoTask.FieldListAutoTask.FieldPropertyAutoTask.ListAutoTask.PropertyAutoTask.SummaryValueAutoTask.TicketListAutoTask.TicketPropertyAzureAzure.ConnectionAzure.LogAnalyticsGraphAzure.LogAnalyticsQueryAzure.LogAnalyticsScalarAzure.LogAnalyticsTableAzure.ResourceGroupListAzure.ResourceListAzure.ResourcePropertiesAzure.SentinelAlertRuleListAzure.SentinelConnectorListAzure.SentinelIncidentListAzure.SentinelThreatIndicatorListAzure.SentinelThreatIndicatorMetricListAzure.SubscriptionListBloggerBlogger.BlogPropertyBlogger.ConnectionBlogger.PageBlogger.PageListBlogger.PagePropertyBlogger.PostBlogger.PostListBlogger.PostPropertyCacheCache.ExpiresCache.GetCache.IsSetCache.SetCache.UnsetCertifyCertify.ConnectionCertify.DepartmentListCertify.DepartmentPropertyCherwellCherwell.BusinessObjectDefinitionListCherwell.BusinessObjectListCherwell.BusinessObjectSchemaCherwell.BusinessObjectSummaryCherwell.ConnectionCiscoCisco.ConnectionCisco.FirmwareVersionPropertyCisco.SecurityAdvisoryListCisco.SerialNumberPropertyCisco.SoftwareSuggestionListCiscoDnaCenterCiscoDnaCenter.ConnectionCiscoDnaCenter.SiteListCiscoDnaCenter.SitePropertyCloudHealthCloudHealth.AssetDetailsCloudHealth.AssetListCloudHealth.AvailableReportDimensionsCloudHealth.AvailableReportOptionsCloudHealth.AvailableReportsListCloudHealth.AwsAccountDetailsCloudHealth.AwsAccountsListCloudHealth.ConnectionCloudHealth.CustomerDetailsCloudHealth.CustomerListCloudHealth.CustomerReportDetailsCloudHealth.CustomerStatementDetailsCloudHealth.OrganisationAccountsListCloudHealth.OrganisationListCloudHealth.QueryCodacyCodacy.ConnectionCodacy.ListConnectWiseManageConnectWiseManage.ConnectionConnectWiseManage.CountConnectWiseManage.DictionaryConnectWiseManage.ListConnectWiseManage.PropertyCoreArrayArray.CountBreakBreakpointCalculateColorCommentContinueConvertDeleteDeleteRowDocumentBookmarkDocumentBreakDocumentInsertSectionDocumentSectionEmailEmailFileEmailReportExecuteForEachFormatTableCellFormatTableRowIfIgnoreIncInsertTableCellImageIsSetLinearRegressionLinkMapObjectRandomRegexRepeatRowSearchAndReplaceSectionSettingsSleepStopStopwatchStringStringIndexSubstringSwitchThrowExceptionUnsetWarningWhileDatabaseDatabase.ConnectionDatabase.GraphDatabase.ListDatabase.TableDatabase.ValueDatabase.ValuesDataMagicDataMagic.SyncDictionaryDictionary.ItemDictionary.KeysDictionary.ValuesDocumentDocument.SetPropertiesDropBoxSignDropBoxSign.ConnectionFileFile.CopyFile.CopyOutputFilesFile.Csv.CellFile.Csv.RowFile.Csv.RowCountFile.Csv.TableFile.EmbedFile.ExecuteFile.ExistsFile.ImageFile.InsertFile.ListFile.LoadListFile.LoadObjectFile.LoadStringFile.LoadVariablesFile.SaveObjectFile.Xlsx.CellFile.Xlsx.RowFile.Xlsx.RowCountFile.Xlsx.TableFunctionFunction.CallFunction.DefineGoogleGoogle.ConnectionGoogle.TableGraphGraph.AddDataGraph.DeleteDataGraph.RenameDataGraph.UpdateGravatarGravatar.ImageHaloPsaHaloPsa.ConnectionHaloPsa.ListHighlightHighlight.BearerSummaryHighlight.BroadbandSummaryHighlight.CellularSummaryHighlight.ConnectionHighlight.FolderListHighlight.HttpServerPerformanceSummaryHighlight.IcmpTcpUdpPerformanceSummaryHighlight.MosPerformanceSummaryHighlight.PrecisionPerformanceSummaryHighlight.TunnelSummaryHighlight.WatchNodeListHighlight.WirelessAccessPointSummaryHubSpotHubSpot.ListHubSpot.PropertyHubSpot.QueryJarrayJarray.TableJiraJira.AttachmentImageJira.AttachmentListJira.AttachmentPropertyJira.ConnectionJira.GraphJira.InsertMarkupJira.IssueAnalysisJira.IssueCommentListJira.IssueCommentPropertyJira.IssueLastCommentPropertyJira.IssueListJira.IssuePropertyJira.IssueResponseTimeJira.LastImageJira.StatusListJira.TableJira.TimeInStateJira.UserListJira.UserPropertyJsonJson.ItemJson.ListKrokiKroki.ImageListList.AddList.AnalysisList.ComplementList.CountList.DequeueList.DuplicatesList.FirstList.GraphList.GroupByList.IndicesOfList.IntersectionList.ItemList.RangeList.SelectList.SelectColumnsList.SortList.SummaryValueList.TableList.UnionList.WhereLogicMonitorLogicMonitor.AccountPropertyLogicMonitor.AlertAnalysisLogicMonitor.AlertCalendarLogicMonitor.AlertCountLogicMonitor.AlertListLogicMonitor.AlertMapLogicMonitor.AlertPropertyLogicMonitor.AlertRuleListLogicMonitor.AlertRulePropertyLogicMonitor.AlertStatusLogicMonitor.AlertTableLogicMonitor.AppliesToFunctionListLogicMonitor.AppliesToFunctionPropertyLogicMonitor.AppliesToListLogicMonitor.AuditEventAnalysisLogicMonitor.BigNumberWidgetValuesLogicMonitor.ClearCacheLogicMonitor.CollectorExecuteLogicMonitor.CollectorGroupListLogicMonitor.CollectorGroupPropertyLogicMonitor.CollectorListLogicMonitor.CollectorPropertyLogicMonitor.CollectorVersionListLogicMonitor.CollectorVersionPropertyLogicMonitor.ConfigCheckListLogicMonitor.ConfigCheckPropertyLogicMonitor.ConfigSourceGroupListLogicMonitor.ConfigSourceListLogicMonitor.ConfigSourcePropertyLogicMonitor.ConfigSourceXmlLogicMonitor.ConnectionLogicMonitor.ConnectionApiTokenLogicMonitor.ConvertToLiveWidgetLogicMonitor.DashboardLogicMonitor.DashboardGroupListLogicMonitor.DashboardGroupPropertyLogicMonitor.DashboardListLogicMonitor.DashboardPropertyLogicMonitor.DashboardWidgetListLogicMonitor.DatamartSyncLogicMonitor.DataPointListLogicMonitor.DataPointPropertyLogicMonitor.DataSourceGraphListLogicMonitor.DataSourceGraphPropertyLogicMonitor.DataSourceGroupListLogicMonitor.DataSourceListLogicMonitor.DataSourcePropertyLogicMonitor.DataSourceXmlLogicMonitor.DeviceConfigSourceFileLogicMonitor.DeviceConfigSourceInstanceListLogicMonitor.DeviceConfigSourceListLogicMonitor.DeviceConfigSourcePropertyLogicMonitor.DeviceCountLogicMonitor.DeviceDataSourceListLogicMonitor.DeviceDataSourcePropertyLogicMonitor.DeviceGroupListLogicMonitor.DeviceGroupPropertyLogicMonitor.DeviceListLogicMonitor.DevicePropertyLogicMonitor.DeviceSlaWidgetPropertyLogicMonitor.DeviceTableLogicMonitor.EscalationChainDestinationListLogicMonitor.EscalationChainDestinationPropertyLogicMonitor.EscalationChainListLogicMonitor.EscalationChainPropertyLogicMonitor.EventSourceFilterListLogicMonitor.EventSourceFilterPropertyLogicMonitor.EventSourceGroupListLogicMonitor.EventSourceListLogicMonitor.EventSourcePropertyLogicMonitor.EventSourceXmlLogicMonitor.FinancialInformationLogicMonitor.ForecastLogicMonitor.GraphLogicMonitor.GraphSpecificationLogicMonitor.HistoricSdtListLogicMonitor.ImageLogicMonitor.InstanceAnalysisLogicMonitor.InstanceCountLogicMonitor.InstanceDetailsTableLogicMonitor.InstanceGroupCountLogicMonitor.InstanceGroupListLogicMonitor.InstanceListLogicMonitor.InstancePropertyLogicMonitor.IntegrationListLogicMonitor.IntegrationPropertyLogicMonitor.JobMonitorListLogicMonitor.JobMonitorPropertyLogicMonitor.LastMeasurementLogicMonitor.LogAnalysisLogicMonitor.LogicModuleMetadataPropertyLogicMonitor.LogicModuleUpdateListLogicMonitor.LogicModuleUpdatePropertyLogicMonitor.LogItemListLogicMonitor.NetscanGroupListLogicMonitor.NetscanGroupPropertyLogicMonitor.NetscanListLogicMonitor.NetscanPropertyLogicMonitor.NewUserMessagePropertyLogicMonitor.PaymentInformationLogicMonitor.PercentageAvailabilityLogicMonitor.PortalVersionLogicMonitor.PropertySourceGroupListLogicMonitor.PropertySourceJsonLogicMonitor.PropertySourceListLogicMonitor.PropertySourcePropertyLogicMonitor.QueryLogicMonitor.RecipientGroupListLogicMonitor.RecipientGroupPropertyLogicMonitor.RecycleBinItemListLogicMonitor.RecycleBinItemPropertyLogicMonitor.ReportGroupListLogicMonitor.ReportGroupPropertyLogicMonitor.ReportListLogicMonitor.ReportPropertyLogicMonitor.ResourceAnalysisLogicMonitor.ResourceGroupAnalysisLogicMonitor.RoleListLogicMonitor.RolePropertyLogicMonitor.SdtListLogicMonitor.SdtPercentageLogicMonitor.SdtPropertyLogicMonitor.SingleSignOnPropertyLogicMonitor.SlaWidgetValuesLogicMonitor.SnmpSysOidMapListLogicMonitor.SnmpSysOidMapPropertyLogicMonitor.SummaryValueLogicMonitor.SummaryValueListLogicMonitor.ThresholdLogicMonitor.TrafficTableLogicMonitor.UnmonitoredDeviceListLogicMonitor.UnmonitoredDevicePropertyLogicMonitor.UserApiTokenListLogicMonitor.UserApiTokenPropertyLogicMonitor.UserListLogicMonitor.UserPropertyLogicMonitor.WebsiteCheckpointDataListLogicMonitor.WebsiteCountLogicMonitor.WebsiteGroupAnalysisLogicMonitor.WebsiteGroupCountLogicMonitor.WebsiteGroupListLogicMonitor.WebsiteGroupPropertyLogicMonitor.WebsiteListLogicMonitor.WebsitePropertyLogicMonitor.WidgetStatusMagicSuiteMagicSuite.ApplyBrandMagicSuite.BadgeListMagicSuite.ConnectionMagicSuite.ConnectionListMagicSuite.ConnectionPropertyMagicSuite.ConnectionStatusPropertyMagicSuite.FeedbackListMagicSuite.FeedbackPropertyMagicSuite.GlobalSettingPropertyMagicSuite.MacroGroupListMagicSuite.MacroHelpMagicSuite.MacroListMagicSuite.ReportBatchJobCountMagicSuite.ReportBatchJobListMagicSuite.ReportBatchJobPropertyMagicSuite.ReportConnectionSummaryMagicSuite.ReportJobCountMagicSuite.ReportJobListMagicSuite.ReportJobPropertyMagicSuite.ReportMacroCountMagicSuite.ReportPropertyMagicSuite.ReportScheduleCountMagicSuite.ReportScheduleListMagicSuite.ReportSchedulePropertyMagicSuite.SetReportPropertyMagicSuite.SubscriptionListMagicSuite.SystemPropertyMagicSuite.TenantImageMagicSuite.TopicHelpMagicSuite.VersionMerakiMeraki.CameraImageMeraki.ConfigurationChangeListMeraki.ConnectionMeraki.DevicePropertyMeraki.DeviceUplinkPropertyMeraki.EndOfLifeMeraki.NetworkClientListMeraki.NetworkDeviceListMeraki.NetworkEventListMeraki.NetworkListMeraki.NetworkPropertyMeraki.NetworkSwitchPortsListMeraki.NetworkSwitchStackListMeraki.OrganizationDeviceLicenseListMeraki.OrganizationDeviceLicensePropertyMeraki.OrganizationDeviceListMeraki.OrganizationDeviceListStatusPropertyMeraki.OrganizationInventoryListMeraki.OrganizationLicenseStatePropertyMeraki.OrganizationListMeraki.OrganizationPropertyMeraki.OrganizationUplinkUsageMeraki.WirelessNetworkClientConnectionStatsPropertyMeraki.WirelessNetworkClientLatencyListMeraki.WirelessNetworkClientsConnectionStatsListMeraki.WirelessNetworkClientsLatencyListMeraki.WirelessNetworkConnectionStatsPropertyMeraki.WirelessNetworkDeviceConnectionStatsPropertyMeraki.WirelessNetworkDeviceLatencyListMeraki.WirelessNetworkDevicesConnectionStatsListMeraki.WirelessNetworkDevicesLatencyListMeraki.WirelessNetworkLatencyListMicrosoftDataverseMicrosoftDataverse.ConnectionMicrosoftDataverse.CountMicrosoftDataverse.EntityDefinitionsListMicrosoftDataverse.EntityListMicrosoftDataverse.EntityPropertyListMicrosoftDataverse.ListMicrosoftDataverse.PropertyMicrosoftGraphMicrosoftGraph.ConnectionMicrosoftGraph.QueryObjectObject.ArrayCountObject.GraphObject.PropertyObject.TypeObject.UnpackObject.UnpackVariablesOpenAiOpenAi.AnswerOpenAi.CompleteOpenAi.ConnectionOpenAi.ImageQuickBooksQuickBooks.ConnectionQuickBooks.PropertySalesforceSalesforce.ConnectionSalesforce.ListSalesforce.PropertyServiceNowServiceNow.ConnectionServiceNow.CountServiceNow.CreateServiceNow.DeleteServiceNow.DictionaryServiceNow.ListServiceNow.PropertyServiceNow.UpdateShapeShape.AddShape.CloneShape.DeleteShape.FormatShape.HideShape.SetPropertyShape.SetTextSideroLabsOmniSideroLabsOmni.ConnectionSideroLabsOmni.ListSideroLabsOmni.ObjectSlackSlack.ConnectionSlack.MessageSlideSlide.DeleteSlide.DeleteSectionSlide.LinkSlide.MoveToSlide.RepeatSmtpSmtp.ConnectionSnmpSnmp.EnterprisePropertySolarWindsSolarWinds.ConnectionSolarWinds.SqlListSolarWinds.SqlTableSqlSql.AnalysisTableTable.ColumnCountTable.DeleteTable.FormatTable.GraphTable.MergeCellsTable.MergeRowsTable.RowCountTable.SaveTable.SortTable.WorldMapTimeCalendarCronHumanReadableCronRunDateDateRangeDateTimeDateTime.IsInWorkHoursDateTime.WorkHoursDurationTimeSpanTogglToggl.ClientListToggl.ClientPropertyToggl.ConnectionToggl.ProjectListToggl.ProjectPropertyToggl.ProjectReportPropertyToggl.TimeEntryListToggl.TimeEntryPropertyToggl.UserListToggl.UserPropertyToggl.WorkspaceListToggl.WorkspacePropertyTwilioTwilio.ConnectionTwilio.SmsUkParliamentUkParliament.PetitionCountUkParliament.PetitionListUkParliament.PetitionPropertyVariableVariable.ImageVariable.ListVariable.PropertyWebWeb.ConnectionWeb.HtmlWeb.ImageWeb.QueryWeb.ScreenshotWeb.TableWeb.TextXlsxXlsx.AddAnalysisXlsx.EmbedZendeskZendesk.ConnectionZendesk.ListZendesk.PropertyZoho.DeskZoho.Desk.ZohoListZoho.Desk.ZohoProperty
[LogicMonitor.AuditEventAnalysis:]

Adds an Audit Event Analysis tab to the XLSX output document.

Purpose

Adds an Audit Event Analysis tab to the XLSX output document, using data from the LogicMonitor audit logs (Settings => Audit Logs) and enhanced with additional data.

Compatibility

The macro can be used in the highlighted input document types only. A greyed-out icon indicates not supported.

Usage

Does not work in Report Studio. The default columns output into the XLSX file are: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole', 'WildValue' and 'Count'. This macro intentionally fails if the date range is greater than 3 months, for memory and performance reasons. Note that if the Log item's Description is more than 32,767 characters, it will be truncated to 32,767 characters, due to limitations in Excel. Otherwise when you open the file in Excel, it will complain that the file cannot be opened and attempt an automatic fix which itself truncates the file.

Parameters (32)
Behaviour (2)6 additional
Parameter TypePresencePurpose Options Default
maxAttempts
 Int32OptionalThe maximum number of attempts when requesting data via the LogicMonitor API.
  • From 1 to 2147483647
 N/A
waitDuringUpgrades
 BooleanOptionalWhether to wait during LogicMonitor upgrades (i.e. execution essentially pauses).
  • true
  • false
 N/A
Additional (6)
Parameter TypePresencePurpose Options Default
auto
 BooleanOptionalIf 'true', the reporting period will be the last calendar month and neither startDate nor endDate parameters may be used.
  • true
  • false
 false
errorOnOverflow
 BooleanOptionalShould NCalc expression evaluation throw error on Overflow
  • true
  • false
 true
if
 StringOptionalThe condition that must be true in order for the macro to be executed/evaluated. Must either evaluate to true or false, for example: "3+5=8" or "contains('abcd', 'z'). N/A true
mode
 MacroModeOptionalThe mode in which variables are stored. In the legacy mode (default for Schedules), the variable created is a string and formatted. In the normal mode (default for Report Studio), the output variable is stored as a strongly-typed theObject, e.g. an Int32 or a List etc., rather than a formatted string.
  • Legacy
  • Normal
 Legacy
obfuscation
 ObfuscationTypeOptionalObfuscation type. Use obfuscation to write reports where sensitive data is hidden. When used, ReportMagic guarantees that the same input string will map to the same output string for the whole of the report (but the next time the report runs, it will most likely map to a different value). If you use obfuscation, the property in your macro will not show up and instead, you will see a fake item of the obfuscation type chosen.
  • None
  • UkTown
  • DeviceName
  • Company
  • IpAddress
  • PrivateIpAddress
 None
warning
 StringOptionalIf specified, adds a warning message for this macro. This is processed as an NCalc, and the warning message will ALWAYS be present and will be the value of the evaluated NCalc expression. N/A N/A
Chart (1)
Parameter TypePresencePurpose Options Default
addChart
 BooleanOptionalWhether to add a chart to the Analytics worksheet.
  • true
  • false
 true
Time & Date (3)
Parameter TypePresencePurpose Options Default
endDate
 DateTimeOffsetOptionalThe end date in the format YYYY-MM-DD. N/A Midnight on the first day of this month
monthsToReport
 Int32OptionalIf set, sets 'endDate' to the 'start' plus the specified number of months. N/A N/A
startDate
 DateTimeOffsetOptionalThe start date in the format YYYY-MM-DD. N/A Midnight on the first day of last month
Filtering & Sorting (2)
Parameter TypePresencePurpose Options Default
pivotTableFilterFields
 List<String>OptionalThe pivot table filter fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Filters' section. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
where
 StringOptionalAn optional NCalc expression such as: contains(jPath(item, 'UserName'), 'monitoring'). The 'item' token inside this jPath function is mandatory and represents a log item, and finds the value of 'UserName' on it. You can use any of these properties in the expression (they are the same as XLSX output headings and always WITHOUT spaces): 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole', 'WildValue' and 'Count'. For more details about NCalc and expression examples, refer to the [Calculate:] macro. N/A N/A
Output (2)
Parameter TypePresencePurpose Options Default
failureText
 StringOptionalThe text to display should the macro fail to execute. Note that a poorly-specified macro (e.g. omitting mandatory parameters) will still result in an error message. N/A N/A
failureVariable
 StringOptionalThe name of a variable to create should the macro fail to execute. The variable will be a text variable, and will contain either the failure text (only if the failureText parameter is set), otherwise it will contain the exception / failure message. N/A N/A
General (7)5 additional
Parameter TypePresencePurpose Options Default
addTitle
 BooleanOptionalWhether to add a title to the Analytics worksheet.
  • true
  • false
 true
columnGrandTotals
 BooleanOptionalWhether to add column grand totals to the pivot table.
  • true
  • false
 true
pivotTableColumnFields
 List<String>OptionalThe pivot table column fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Columns' section. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
pivotTableRowFields
 List<String>OptionalThe pivot table row fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Rows' section. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
pivotTableValueFields
 List<String>OptionalThe pivot table value fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Values' section. For each column name, you can specify the aggregation to use via the ^ character e.g. column1^Sum. Omit this to use the default Count aggregation. Valid aggregation values are: 'Average', 'Count', 'CountNumbers', 'Max', 'Min', 'Product', 'StdDev', 'StdDevP', 'Sum', 'Var' or 'VarP'. For each column name, if and only if you have specified an aggregation, you can also specify the number format to use in the pivot table and chart. To do this, use an additional caret separator and specify the number format. For example: column1^Sum^0.00 would use 2 decimal places for the format. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
rowGrandTotals
 BooleanOptionalWhether to add row grand totals to the pivot table.
  • true
  • false
 false
worksheetName
 StringOptionalThe name to use for the analytics worksheet (which will contain the pivot table and chart). The data worksheet (which will contain the 'fact table') uses this name plus the suffix ' Data'. If a worksheet by this name already exists, the new name will have a number appended, e.g. Analytics1, Analytics2, etc. Excel does not allow blank names, names above 31 characters, and the following characters: :, /, \, ?, *, [, ]. N/A Audit Event Analytics
Additional (5)
Parameter TypePresencePurpose Options Default
comment
 StringOptionalAdd a comment to make your document template more readable. The comment is discarded in the output document. N/A N/A
connectionName
 StringOptionalThe name of the Connection. N/A N/A
desiredExecutionResult
 ExecutionResultOptionalIf specified, asserts the expected execution result of the macro. The macro executes normally; if the actual result matches the desired value, the result is converted to Success. If the actual result does not match, the result is converted to MacroError with a descriptive message. This is primarily used for testing and diagnostic purposes. Valid values are: Unknown, Success, MacroError, WorkerStopped, Running, Warning, NeverRun, Cancelled, Pending, Paused, SystemError, Deferred, Stopped.
  • Cancelled
  • Deferred
  • MacroError
  • NeverRun
  • Paused
  • Pending
  • Running
  • Stopped
  • Success
  • SystemError
  • Warning
  • WorkerStopped
 N/A
expectedType
 StringOptionalIf specified, asserts the expected output type of the macro result. The macro executes normally; if the actual type does not match, a macro error is generated. Requires 'storeAs', 'storeAsHidden', or 'storeFormattedValueAs' to be set for typed validation. Valid types include CLR names (e.g. Int32, Int64, Single, Double, Boolean, String, JArray, JObject) and C# keyword aliases (e.g. int, long, float, double, bool, string, uint, ulong, short, ushort, byte, sbyte, decimal, char, object). The special value 'Number' matches any numeric type. N/A N/A
expectedValue
 StringOptionalIf specified, asserts the expected output value of the macro result. The macro executes normally; if the actual value does not match, a macro error is generated. When 'storeAs' or 'storeAsHidden' is set, the stored variable value is compared. Otherwise, the document output text is compared. N/A N/A
Deprecated (4)
Parameter TypePreferred ParameterPurpose Options Default
columnFields
 List<String>pivotTableColumnFieldsThe pivot table column fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Columns' section. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
filterFields
 List<String>pivotTableFilterFieldsThe pivot table filter fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Filters' section. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
rowFields
 List<String>pivotTableRowFieldsThe pivot table row fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Rows' section. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A
valueFields
 List<String>pivotTableValueFieldsThe pivot table value fields. In Excel's PivotTable Fields UI, these correspond to the items in the 'Values' section. For each column name, you can specify the aggregation to use via the ^ character e.g. column1^Sum. Omit this to use the default Count aggregation. Valid aggregation values are: 'Average', 'Count', 'CountNumbers', 'Max', 'Min', 'Product', 'StdDev', 'StdDevP', 'Sum', 'Var' or 'VarP'. For each column name, if and only if you have specified an aggregation, you can also specify the number format to use in the pivot table and chart. To do this, use an additional caret separator and specify the number format. For example: column1^Sum^0.00 would use 2 decimal places for the format. You an use any of the heading names: 'ActionType', 'AlertId', 'AlertNote', 'ApiMethod', 'ApiPath', 'ApiTokenId', 'CollectorDescription', 'CollectorGroupId', 'CollectorGroupName', 'CollectorId', 'CollectorName', 'Command', 'DataSourceDeletedInstanceIds', 'DataSourceDeletedInstanceNames', 'DataSourceNewInstanceIds', 'DataSourceNewInstanceNames', 'DateTime', 'Description', 'EndDownTime', 'EntityType', 'Host', 'Id', 'InstanceId', 'InstanceName', 'LogicModuleId', 'LogicModuleVersion', 'MatchedRegExId', 'MonthlyMetrics', 'OriginalDescription', 'OriginatorType', 'OutcomeType', 'PerformedByUsername', 'PropertyName', 'PropertyValue', 'RemoteSessionId', 'RemoteSessionType', 'RequestId', 'ResourceDataSourceId', 'ResourceGroupId', 'ResourceGroupName', 'ResourceHostname', 'ResourceIds', 'ResourceNames', 'RestrictSso', 'SessionId', 'StartDownTime', 'Time', 'UserEmail', 'UserId', 'UserName', 'UserRole' and 'WildValue'. N/A N/A

Examples (3)

Example 1

This example customises the date (to fetch just one day's worth of data), and also configures the pivot table with various items:

[LogicMonitor.AuditEventAnalysis: startDate=2025-01-01 00:00:00, endDate=2025-01-02 00:00:00, pivotTableColumnFields=Description;ActionType, pivotTableFilterFields=AlertId;CollectorName, pivotTableRowFields=DateTime, pivotTableValueFields=CollectorId]
Example 2

This example shows how to use the 'where' parameter to include only logs where the PerformedByUsername contains the text 'monitoring'. The 'isNullOrEmpty' check ensures any items where the PerformedByUsername value is empty or null do not cause a failure. Note the use of back-ticks around the where expression, as it contains single quotes which can interfere with macro parsing:

[LogicMonitor.AuditEventAnalysis: startDate=2025-02-01 00:00:00, endDate=2025-02-02 00:00:00, where=`!isNullOrEmpty(jPath(item, 'PerformedByUsername')) && contains(jPath(item, 'PerformedByUsername'), 'monitoring')`]
Example 3

This example shows how to use the 'where' parameter to include only audit events where the API method is 'GET'. Note the use of back-ticks around the where expression, as it contains single quotes which can interfere with macro parsing:

[LogicMonitor.AuditEventAnalysis: startDate=2025-02-01 00:00:00, endDate=2025-02-10 00:00:00, where=`jPath(item, 'ApiMethod') == 'GET'`]
Home ReportMagic AlertMagic DataMagic NCalc 101 Docs
Feedback
Type
Priority
Summary
Description
Page
Include Screenshot
Search
Search Term
Search Product
An unhandled error has occurred. Reload 🗙