Audit providers are configured by modifying application.conf:

    b2audit {
        elasticsearch {
            host: "localhost"
            port: 9200
            scheme: "http"
        }
    }

The above is an example configuration for an audit client that connects to a local Elasticsearch instance.
These are the default values and need to be overridden in application.conf
only when connecting to a remote host.
Elasticsearch index definition/configuration is performed using JSON files.
The built-in REST request audit service uses a file called es-resourcerequests.json
to define mappings:

    {
      "mappings": {
        "@@INDEX_TYPE@@": {
          "_all": { "enabled": false },
          "properties": {
            "class": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "duration": { "type": "integer" },
            "status": { "type": "integer" },
            "email": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "httpMethod": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "method": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "package": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "path": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "timestamp": {
              "type": "date",
              "format": "YYYY-MM-dd HH:mm:ss.SSSZ"
            },
            "queryParams": {
              "type": "nested",
              "properties": {
                "name": {
                  "type": "text",
                  "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
                },
                "values": {
                  "type": "text",
                  "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
                }
              }
            },
            "pathParams": {
              "type": "nested",
              "properties": {
                "name": {
                  "type": "text",
                  "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
                },
                "values": {
                  "type": "text",
                  "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
                }
              }
            }
          }
        }
      }
    }

To override this file, simply place a modified copy in $B2BOX_DATA/conf.

Index names

The index names generated by Platform 6 have a strict format:

    b2-<user index name>--<b2box application id>

For example:

    b2-resourcerequests--simont-test or b2-myindex--simont-test

Kibana can then be used to view and search the index data generated.

Specifying audit trail structure via JSON

A named Elasticsearch index will be created using a JSON definition file when the following Groovy method is called: audit.open(id)
If the index already exists, index updates are not performed. The current definition is left unchanged.
The JSON file searched for has the pattern: es-<id>.json
The file should be placed on the classpath in $B2BOX_DATA/conf.
The following is an example index mapping file:

    {
      "mappings": {
        "myindex": {
          "_all": { "enabled": false },
          "properties": {
            "timestamp": {
              "type": "date",
              "format": "YYYY-MM-dd HH:mm:ss.SSSZ"
            },
            "company": {
              "type": "text",
              "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }
            },
            "amount": { "type": "float" },
            "taxes": {
              "type": "nested",
              "properties": {
                "salestax": { "type": "float" },
                "taxrate": { "type": "float" }
              }
            }
          }
        }
      }
    }

The Platform 6 audit trail client automatically generates a timestamp value, so it is advisable to add a mapping definition for it.
The following example Groovy script creates the defined structure using the file es-myindex.json:

    // Creates the index from es-myindex.json; an existing index is left unchanged
    def success = audit.open("myindex")
    println success

Writing to an audit trail

Writing (posting) to an audit trail is simple in Groovy:

    def auditValues = [:]
    auditValues["company"] = "Amalto"
    auditValues["amount"] = 101.12
    audit.post "myindex", auditValues

Once an audit trail table has been created, there is no need to use the open
method again, unless you need to validate its existence.
Writing to a nested record is trickier:

    def auditValues = [:]
    def taxValues = []
    def taxValue1 = [:]
    taxValue1["salestax"] = 12.35
    taxValue1["taxrate"] = 10
    def taxValue2 = [:]
    taxValue2["salestax"] = 123.45
    taxValue2["taxrate"] = 100
    // Add each tax entry to the list; otherwise the nested field is posted empty
    taxValues << taxValue1
    taxValues << taxValue2
    auditValues["taxes"] = taxValues
    auditValues["company"] = 'Amalto'
    auditValues["amount"] = 123.45
    audit.post 'myindex', auditValues

Using Kibana, you will see the audit data that was written.
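
The check below is an added example, not part of the Platform 6 documentation or code base. Because an existing index definition is left unchanged once it has been created, it lints a mapping file and a sample audit record offline before anything is posted. The helper names (`check_record`, `lint`) and the abridged copy of es-myindex.json are assumptions made for the example.

```python
import json

# Constructed sample: an abridged copy of the page's es-myindex.json mapping.
MAPPING_JSON = """
{ "mappings": { "myindex": { "_all": { "enabled": false }, "properties": {
    "timestamp": { "type": "date", "format": "YYYY-MM-dd HH:mm:ss.SSSZ" },
    "company":   { "type": "text" },
    "amount":    { "type": "float" },
    "taxes":     { "type": "nested", "properties": {
        "salestax": { "type": "float" }, "taxrate": { "type": "float" } } }
} } } }
"""

# Python types accepted for each scalar mapping type used on this page.
SCALARS = {"float": (int, float), "integer": (int,), "text": (str,)}

def check_record(props, record, prefix=""):
    """Compare one audit record (a dict) with mapping properties; return problems."""
    problems = []
    for key, value in record.items():
        path, spec = prefix + key, props.get(key)
        if spec is None:
            problems.append(f"{path}: not in mapping")
        elif spec["type"] == "nested":
            # A nested field holds a list of maps; a single map is also accepted.
            items = value if isinstance(value, list) else [value]
            if not items:
                problems.append(f"{path}: empty list, no nested entries are written")
            for i, item in enumerate(items):
                if isinstance(item, dict):
                    problems += check_record(spec["properties"], item, f"{path}[{i}].")
                else:
                    problems.append(f"{path}[{i}]: expected a map")
        elif spec["type"] in SCALARS:
            # bool is a subclass of int in Python, so reject it explicitly.
            ok = isinstance(value, SCALARS[spec["type"]]) and not isinstance(value, bool)
            if not ok:
                problems.append(f"{path}: expected {spec['type']}")
    return problems

def lint(mapping_json, index_type, record):
    """Parse a mapping file (raises ValueError if malformed) and check a record."""
    props = json.loads(mapping_json)["mappings"][index_type]["properties"]
    problems = check_record(props, record)
    if props.get("timestamp", {}).get("type") != "date":
        problems.append("timestamp: mapping should declare it as a date")
    return problems
```

A mapping file with unbalanced braces makes `lint` raise before any record is checked, which is the failure to catch before the file is copied to $B2BOX_DATA/conf.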