Enabling Insight Gathering in Trial Mode

Describes how to enable insight collection in trial mode.

Prerequisites

The following prerequisites must be met before you can start insight gathering in trial mode:
  • The cluster/fabric on which you wish to track user behavior must have the insight service installed on at least one of the nodes of the cluster/fabric.
  • Hive Metastore must be installed and allowed to run with the default Derby database.

About this task

In the trial mode, the insight service is allowed to run only on a single node of a cluster/fabric. In other words, all the other insight services installed and configured to run are shutdown.

NOTE
The insight gathering stops when Hive Metastore is down and waits for Hive Metastore service to be up and running, before the insight service can commit records to the respective Apache Iceberg table.

Running the insight gathering in trial mode requires the following:

  • Auditing enabled in the cluster.
  • Streams for audit is enabled.

In trial mode, the insight service collects audit logs from all the nodes through streams and adds the audit log data to respective Iceberg tables.

Follow the steps given below to enable insight gathering in trial mode.

Procedure

  1. Enable audit. See Enabling and Disabling Auditing of Cluster Administration to enable auditing for cluster administration.
  2. Enable audit streaming. See Streaming Audit Logs for information on audit log streaming. See Enabling and Disabling Audit Streaming Using the CLI to enable audit streaming.
  3. Enable insight. See insight clusterto enable insight.

Results

Insight gathering begins in trial mode.

When the insight service is run in trial mode, the CLUSTER_ALARM_INSIGHTS_TRIAL_MODE alarm is raised that the insight service is operating in trial mode.

The insight data is gathered on the following Apache Iceberg tables.

  • Data from cldb audit stream is pushed to the cldb_is_demo table.
  • Data from auth audit stream is pushed to the auth_is_demo table.
  • Data from mfs audit stream is pushed to the mfs_is_demo table.
  • Data from s3 audit stream is pushed to the s3_is_demo table.