In our process application we create incidents for technical exceptions (e.g. if we try and call a Web Service and it is not available). There are 3x main operations in Operate that allow us to work with and rectify our incidents:
Retry (including Bulk Retry)
Move Token
Modify Data
We really want to be able to generate some kind of audit around these operations (e.g. which user did what to which instance) but I cannot work out how we can do this.
The audit trail in Operate doesn’t capture these operations (just any consequences of them). Similarly, the events in Elasticsearch just reflect the consequences (if there are any; modifying the data, for example, has no consequences).
We could try and build our own version of Operate but not all of the operations are available via the REST API.
Does anyone have any suggestions as to how we could achieve our goals? Is this functionality likely to be added any time soon?
Thanks for bringing up this important question about audit trails for Operate operations! This is indeed a common requirement for organizations that need to track user actions for compliance and governance purposes.
Current State
Based on the documentation and available information:
What Operate Currently Stores:
Operate does store user operations (retry, move token, modify data) in its Elasticsearch indices
This data is visible in the Operate UI as part of the audit trail
The data is stored in indices with the operate prefix
Current Limitations:
The Operate REST API doesn’t expose detailed user attribution for these operations
While the operations are recorded, the specific username/user ID for each operation isn’t readily accessible via API
The exact structure of user operations in Elasticsearch indices isn’t documented in detail
Potential Workarounds
Direct Elasticsearch Access: Since user operations are stored in Elasticsearch, you could potentially query the indices directly. However, the schema isn’t fully documented, so this would require investigation of your specific Elasticsearch indices structure.
Custom Logging: You could implement custom logging in your application layer to capture user actions before they’re performed in Operate, though this wouldn’t cover direct Operate UI usage.
Recommendation: Feature Request
This appears to be a gap in the current functionality. I’d strongly recommend filing a feature request for enhanced audit trail capabilities that include: