SupportAbility Event Data Logs and Paid Investigations
SupportAbility stores detailed event and data change logs on all Staff activity as they use the system. However, SupportAbility does not provide an interface that allows providers to query or report on these logs.
As a result, any enquiries or investigations that need to be conducted must be done using paid support time.
This article explains the nature of the event data logs, what they were designed to achieve, and why investigations on those logs require paid Engineering resources.
Audience: Authorised Representatives, IT Specialist
The following list summarises the content within this article. Click on the links below to take you to the relevant sections:
- Why does SupportAbility store event and data changelogs?
- Investigations - querying the event data logs
Why does SupportAbility store event and data changelogs?
SupportAbility's event data logs were designed to address two key requirements:
- to provide an analytical tool for our engineering team to investigate system behaviour and bugs,
- to provide historical detail in serious events such as a court subpoena.
What data gets logged?
In light of these requirements, the event log records immensely detailed technical event data for SupportAbility user sessions, recording:
- the details of every page accessed and related user action,
- every change to the SupportAbility installations underlying database, down to the field level.
Who has access to these logs?
Only the Senior Engineers and Chief Technology Officer (CTO) at SupportAbility can access and query the data logs and no one can edit these logs.
Only our CTO has the ability to delete the logs and does so once a notification is received that they are reaching capacity.
Investigations - querying the event data logs
The information contained in the event logs is very low-level technical information designed specifically for software engineers performing quality assurance tasks or investigating bugs.
Performing investigations for providers using these event logs and querying them to generate reports is a very manual and time-consuming process because this was not their intended purpose. Each investigation requires our Engineering team to:
- design custom queries to retrieve and filter the data required to answer the questions posed by the investigation,
- sift through the detailed results and perform analysis to answer the questions posed by the investigation,
- interpret the data and communicate the findings back to the provider.
There are also other factors that can complicate and slow down investigations:
Due to the distinctly different nature of data associated with page access details and record updates, two separate databases are used with bespoke schemas. This means that investigations usually involve querying both databases, merged in time sequence to provide accurate accounts of the events to see the actions of users and the database changes those actions triggered.
The granular nature of these event logs produces large databases that contain hundreds of millions of records and require terabytes of disk storage. For example, simply clicking the Save button on an Activity that has replications configured can trigger the creation of thousands of event logs as the data across many records gets updated.
Due to the immense scale of event log data being collected, these log databases need to be rotated a few times a year. This rotation process involves archiving the current log databases once they reach a certain size limit and replacing them with new empty databases that store data from that point forward. Thus investigations that require information across longer time periods can take significantly longer because our Engineering team may need to query data from both current and archived event log databases.
If an organisation needs to query the event log data in your SupportAbility installation for any reason, investigation requests may be possible using paid support time. For more information regarding this, please see the Support Contract Pricing article linked below for reference.
Most investigations take somewhere between 6 to 20 hours from our Engineering team. Each investigation needs to be accepted, quoted and then approved prior to being scheduled by SupportAbility based on availability.
In some cases, it can take our Engineering team in excess of an hour to even scope the work required to complete the required investigation, therefore please be aware that this facility is specifically designed for serious cases requiring an audit.
All investigation requests should be sent via your organisation's Authorised Representatives to firstname.lastname@example.org