Here is the original problem: custom reports - at least most implementations thereof (that we’ve seen) - suck! They’re slow, they can be confusing, and some even require that admins learn a new skill set, like SQL. Put bluntly, it’s a poor admin experience, and that’s not the Okta way.
Reporting is just a manifestation of logging – that is, reports can only be as good as the information that's gathered and organized in the system. We knew this endeavor had to be more than a facelift of our existing reports to satisfy the needs of Okta admins. And of course, we've got plans: We want to be the secure connection between people and technology. To that end, the more visibility we have and the more actionable intelligence we are able to leverage, the stronger the Okta product is going to be across the board.
That’s why over a year ago, Okta went back to the drawing board. We completely overhauled our logging infrastructure so that event data could be fetched in real time and with low latency (and I mean real time: events show up in the log in under 10 milliseconds). On top of that, we built a brand new presentation layer, dubbed the System Log, to allow admins to interact with the data and use filters to customize what’s displayed - all while surfacing even more data about each specific event.
I'm excited to introduce the new System Log to you in a two-part blog series. Today, we'll cover the basics, and later we'll up the ante and cover some other cool features that may not be readily apparent. Let's get started!
First things first, here's the System Log of old:
And here’s what the System Log looks like now:
You'll immediately notice that the UI has completely changed. Let's talk about the latest enhancements (we'll get into all the details later in the post):
- Events are logged in real-time. Seriously. Event-to-log times average less than 10 milliseconds.
- You can now change the time zone of all System Log events.
- You can filter the System Log using either Basic partial string queries or Advanced Filtering.
- You can view events in a list view or map view.
- Dozens of metadata attributes are now stored and presented for each event; drill down to your heart's content.
Less talking; more doing? Well then, let’s get all Hands-On with it.
Time Zone Selection
Events display in the time zone of your choice. For example, if you choose Eastern Daylight Time (EDT) in the drop-down:
Your events will display with that adjustment:
And if you change to Pacific Daylight Time (PDT) in the drop-down:
The same events will be adjusted to match the chosen time zone:
This makes it a lot easier for admins all over the globe to triage events and investigate any incidents. Pretty cool, huh? We're just getting started...
Simple Search
The new features of the System Log allow admins to search the logs and/or apply filters in real time. Try it: Search for all or part of a user's name and click the magnifying glass.
Notice that the events in the System Log are filtered to include only events where an attribute matches that string. In this case, it's all of the events that were done to or by "Eric".
This is called partial string search and it's a quick and dirty way to filter down the thousands of events in the System Log report to a more manageable set.
Map View
Those of you with a keen eye will have noticed that there is another button at the top left of the events pane:
When you click on that you’ll notice something pretty cool:
A map view!
All applicable events in the System Log are tagged with geolocation data, which means they can be plotted on a map. The screenshot above shows a density diagram for where events in this org have occurred over the given timeframe. You can see a lot of activity around the United States, some in the EU, and a little bit more down in Australia. You can always flip back and forth from the map to the list view in the report. And yes, the data set is the same in both views, so the map shows only the results from your current search filters (in this case “Eric”).
Feel free to zoom in and out and drag the map around - you’ll get even more detail:
Now you can see at a glance where authentication activity in your organization is happening and find suspicious locations with ease.
Simple Search and a Map View are handy and quick ways to visualize Okta event data. In the second part of this blog series, I will up the ante with Advanced Search, which lets you filter data more precisely. If you have questions about the System Log enhancements, submit a Question on the community, Tweet at us @Okta or send an email to firstname.lastname@example.org.