Reporting on system tables

System tables are, by default, restricted from the Reporting module.

These tables include, but are not limited to:

  • Sys audit [sys_audit]
  • Log [syslog]
  • Transaction Log [syslog_transaction]
  • Attachment [sys_attachment]
  • Email [sys_email]

The reason for this is because sys_audit is typically the largest table in any instance. It is not unusual for the audit table, in even a mid-sized instance, to be several gigabytes. In a large installation, this table can be 50GB or more.

When we access the sys_audit table programmatically, we know what our query pattern is going to look like, so we have added appropriate data indexes to match our queries. This means that when you bring up, for example, the history of an incident, the database can use an index to efficiently pull back the few dozen rows it needs for that query.

With freeform reporting, however, we cannot predict what your query pattern is going to look like. Maybe you want to group by fieldname, or sort by oldvalue. So it is possible your queries are not going to be indexed queries. The net result is you will be asking the database to table scan a multiple gigabyte file, which is bad for these reasons:

  • It is slow, so your report will take an unacceptably long time to run.
  • While the database is scanning your table, your instance will slow down or even become unavailable because other queries cannot get the resources they need.

If you must report on a system table, you can add it to the glide.ui.permitted_tables property. Navigate to System Properties > UI Properties and locate the property labeled List of system tables (beginning with "sys_", comma separated), that are reportable. By default, system tables are not reportable. Proceed with caution.