I’m using Sentinel 7 but I think that SLM works at the same way.

I have an IDM workflow with tree forms: request, approval1 and
approval2. I need show all the history based on my activities, ie:

Activity0: requested by user1, date, request text;
Activity1: approved by user2, date, approval text;
Activity2: approved by user3, date, approval text.

My query needs to be like:


msg as message
evtgrpid: (SELECT evtgrpid WHERE (evt"User Message \: Activity") AND msg:requester*) OR (evt"User Message \: Activity1") AND msg:approver1*) OR (evt"User Message \: Activity2") AND msg:approver2*)


But this not work. There is a way to do this?

I need also to use two or more queries. As IDM logs only the CN and DN
and I need to search by Full Name, EmployeeID and so on, I’m thinking to
develop a JDBC driver and extend the SIEM database schema, but first I
will need to search the database to convert search fields in CN
information (ie: Full Name in CN) and then use this result as parameter
in a new search. Is that possible?

I thought to create a final log action that summarizes everything but
this brings me other problems with search and status (reports will not
show running workflows).

