Reporting on system tables

System tables are, by default, restricted from the Reporting module.

These tables include, but are not limited to:

  • Sys audit [sys_audit]
  • Log [syslog]
  • Transaction Log [syslog_transaction]
  • Attachment [sys_attachment]
  • Email [sys_email]

The reason for this is because Sys audit is typically the largest table in any instance. It is not unusual for the audit table, in even a mid-sized instance, to be several gigabytes. At a large installation, this table can be 50GB or more.

When we access the Sys audit table programmatically, we know what our query pattern is going to look like, so we have added appropriate data indexes to match our queries. This means that when you bring up, for example, the history on an incident, the database can use an index to efficiently pull back the few dozen rows it needs for that query.

With freeform reporting, however, we cannot predict what your query pattern is going to look like. Maybe you want to group by fieldname, or sort by oldvalue. So it is possible your queries are not going to be indexed queries. The net result is you will be asking the database to table scan a multiple GB file, which is bad for these reasons:

  • It is slow, so your report will take an unacceptably long time
  • While the database is grinding the disk to scan your table, your instance will slow down or even become unavailable because other queries cannot get the resources they need.

If you must report on a system table, you can add it to the glide.ui.permitted_tables property. Navigate to System Properties > UI Properties and locate the property labeled List of system tables (beginning with "sys_", comma separated), that are reportable. By default, system tables are not reportable. Proceed with caution.