In addition to default metrics, Identity Governance provides the ability to query your operations database for additional statistics that could help you to better monitor the health of your governance system. The product also displays an asterisk (*) in front of the names of the custom metrics to distinguish them from default metrics. You can click the metric name to view the details of the metric.
To create a custom metric:
Log in as a Global or Data Administrator.
Select Configuration > Analytics and Role Mining Settings.
Next to Metrics Collection, select the + icon and select New.
Specify a name for the new metric.
Optionally, select an existing category or create a custom category by selecting Add Custom.
Type a short description for the metric.
(Optional) Select Allow use in governance widgets to enable the custom metric results to be displayed as a custom widget on the Governance Widgets page.
Click Storage, select a data store to publish the custom metric results, and then provide additional location information as required. For a Kafka data store, you must specify a topic. All other data store types are databases, which require a table name. The metrics will collect into the table you specify. For example, for large volume analytics you could define a metrics data store for your Vertica or Kafka database, select that data store for your metric, and then specify a table name or a topic name to store the metrics.
NOTE:If you select a metrics data store that is a Local Database type, Identity Governance collects your metric to a table in the Identity Governance ARA database. In this case you do not have to specify a table name.
If you do not specify a table name, Identity Governance creates a table with ex_randomGUID naming convention. However, it is recommended that you provide a meaningful table name.
(Conditional) If you select to store the metric in Vertica, specify the schema name in Table before the table name and separate these with a comma.
Click SQL Statement and enter a SQL select statement. For example, to calculate how many role policies are active enter select count(id) as active from role_policy where state = 'ACTIVE'.
NOTE:Identity Governance automatically checks for statement errors and potential SQL injections to prevent invalid or malicious code. However, ensure that you have defined your query correctly, since you cannot edit saved custom metrics. If needed, you will have to delete the custom metric, and then create a new one to change your definition.
Specify an alias and type for each column selected in the SQL statement.
Click Metric Columns.
Click Add Column and specify an alias and type for each column selected in the SQL statement. When specifying an alias:
Do not use SQL reserved keywords as an alias for a custom metric column. Using a reserved keyword as a column name will cause an error. If, for example, you use "end" as an alias name in your custom metric definition when Identity Governance is connected to a PostgreSQL database, the PostgreSQL client will display the following error message:
Fact validation failed: Unable to create table. Verify there are no reserved SQL keywords used as column aliases. ERROR: syntax error at or near "end" Position: 150.
SQL reserved keywords vary based on the database. Refer to your database documentation for a list of database-specific reserved SQL keywords.
For timeline, bar chart, and donut widgets, specify type as Long. In addition, for timeline specify String. For example, select ds.name application, count(ds.name) as appcount from cert_policy_violation cpv left join data_source ds on ds.unique_id = cpv.unique_application_id and ds.data_source_type='APPLICATION' and ds.deleted=false group by ds.name.
Ensure that the alias in Metric Columns and the SQL query match. For example, add metric column active with a type of Long for the SQL statement example in Step 10.
Repeat the above step to add more columns.
Address any metric column section warnings that appear.
NOTE:Creating a metric with a warning might not work correctly.
Select Save.
To create a custom metric from an Insight Query:
Log in as a Global or Data Administrator.
Select Configuration > Analytics and Role Mining Settings.
Next to Metrics Collection, select the + icon and select New from Insight Query. For information about creating insight queries, see Section 12.5, Analyzing Data with Insight Queries.
Select the Insight Query to use, and then select Add.
Specify a name for the custom metric and adjust any other settings, including those populated based on the Insight Query and storage settings for metrics.
Select Save.
After creating custom metrics, you can collect them on demand by selecting one or more custom metrics and then selecting Actions > Collect metrics. In addition, you can also select Actions > Delete Custom to delete custom metrics.