All pages
Powered by GitBook
2 of 10

Organizations Setup

The first step to using Datalogz is to create a connector for the organization.

Overview

A connector is an access for Datalogz to connect to a BI environment. We recommend organizations create single connector per each BI platform. Currently, Datalogz support connection with PowerBI, Tableau, Qlik, and Spotfire.

When a connector is created, Datalogz automatically extracts BI metadata and creates default monitors.

Connector Settings

Navigate to Connectors and choose a connector by clicking the connector name.

Admins will be able to:

  • Edit connector name

  • Edit projects/workspaces/streams

  • Modify fresh schedule

  • Export connector history

  • Manually refresh connector

  • Disable connector

Only Root User and Admin have access to Connector Settings.

Disable Connector

Toggle on/off to enable/disable the connector.

Multiple Connectors

You can create multiple connectors in Datalogz under a single account, as the organization might use multiple BI tools (e.g. Tableau, Qlik).

Only Root Users can create new connectors.

To create a new connector:

  1. Click New Connector

  2. Choose the type of connector

Log-in Methods

Your log-in method is configured at the time of your Datalogz license activation.

We support the following login methods:

Google Authentication

Log in with your Google account using any Google-supported email address.

Microsoft Authentication

Log in with your Microsoft account, provided you're using a Microsoft-supported email address and your organization has approved Datalogz as a third party tool.

If you are unable to log in to our application using your Microsoft Entra ID account, you may be blocked by your organization's policy. To solve this, your administrator will need to manually grant consent by via the following URL: https://login.microsoftonline.com/YOUR_TENANT_ID/adminconsent?client_id=YOUR_DATALOGZ_CLIENT_ID

This URL requires your organization's Tenant ID and the Datalogz' Client ID (which you can obtain from your Customer Success Manager). Once your administrator approves via this link, your access should be enabled.

SAML

With SAML enabled, users can log in through their identity provider's website by selecting the SAML option on the login page.

Once the organization enables SAML, all members must log in using SAML.

Platform Connectors

A Datalogz account and license activation are pre-requisites to the following setup guides and should be completed prior to starting.

Please contact customers@datalogz.io if you do not have an active account and license before continuing.

Power BI

Applies to: Power BI Premium Per User (PPU), Power BI Premium Capacity

This guide will walk you through how to set up a Power BI connection in the Datalogz Control Tower using the service principal method for authentication. This Microsoft's recommended method for running an application in an automated way, without user input.

Setup Overview

Below is the order of operations for completing the Power BI connector setup

  1. Register an application in the Microsoft Entra portal

  2. Create a security group in the Microsoft Entra portal and add the app registration to the security group

  3. Add the security group to the Power BI tenant

  4. Create a Power BI connector in the Datalogz Control Tower

Setup Detail

1

Register an application in the Microsoft Entra portal

  1. Follow the steps outlined here

Note: The Application (client) ID and the Directory (tenant) ID values in the Overview screen of the registered application will be needed for the Power BI Connector setup in the Datalogz Control Tower.

  1. Under the Manage section of your registered application, select Certificates & secrets

  2. Under Client secret select New client secret

  3. Enter a Description for the client secret

  4. In the Expires leave the default set to Recommended: 180 days (6 months)

    1. Note: You can optionally set the expiry duration to be shorter or longer. Note however that once the client secret expires you'll have to create a new secret and re-authenticate the Datalogz Control Tower Power BI connector configuration.

  5. Click Add

  6. Copy the Value

    1. Note: The generated value will be our Application Secret Value used in the Datalogz Control Tower connector setup. Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page.

2

Create a security group in the Microsoft Entra portal

  1. Follow the steps outlined here.

  2. Under Group type select Security

    1. Note: Security groups are used to give group members access to applications, resources and assign licenses. Group members can be users, devices, service principals, and other groups.

  3. Enter a Group name

    1. Note: The group name will be needed to complete the Power BI tenant admin configuration.

  4. Under Members select No members selected

  5. Search for the name of the registered application, select the check box next to the name and then click Select

  6. Search for the name of the registered application created in step 1

  7. Click the checkbox next to the registered application and click Select

  8. You should now see the registered application listed under Direct members

3

Add the security group to the Power BI tenant

  1. From the Power BI admin portal navigate to the Tenant settings section

  2. Under Developer settings

    1. Find Service principals can use Fabric APIs

    2. Select Specific security groups

    3. Enter the security group created above

    4. Click Apply

  3. Under Admin API settings

    1. Find Service principals can call Fabric public APIs

      1. Select Specific security groups

      2. Enter the security group created above

      3. Click Apply

    2. Find Enhance admin APIs responses with detailed metadata

      1. Select Specific security groups

      2. Enter the security group created above

      3. Click Apply

    3. Find Enhance admin APIs responses with DAX and mashup expressions

      1. Select Specific security groups

      2. Enter the security group created above

      3. Click Apply

  4. Note: Power BI tenant configuration changes can take 15 minutes or longer to be applied.

4

Create a Power BI connector in the Datalogz Control Tower

  1. Log in to your Datalogz account

  2. Navigate to your organizations connectors

  3. Select New Connector

  4. Select Power BI

  5. Select Connect using a Service Principal (SP) and click Connect

  6. Enter the following information obtained in the previous steps

    1. Directory (Tenant) ID

    2. Application (Client) ID

    3. Application Secret Value

  7. Click Connect

  8. Enter a Connector Name

  9. Select the snapshot frequency, e.g., Weekly or Daily

  10. Select the kinds of workspaces you'd like to monitor, e.g., Premium, Shared, and/or Personal

  11. Select if you'd like to capture Activity and Capacity metadata as well.

    1. Note: For Capacity monitoring see the additional setup below

  12. Click Next

  13. Click Confirm and Finish

The additional capacity monitoring setup is optional, but highly recommended as it provides a way to monitor your Fabric capacity usage with the registered application created above.

1

Capcity Monitoring

  1. From the Power BI admin portal navigate to the Tenant settings section

  2. Under Integration settings

    1. Find Semantic Model Execute Queries REST API

      1. Select Specific security groups

      2. Enter the Azure security group created above

      3. Click Apply

        1. Note: When enabled, users in the organization can query semantic models by using Data Analysis Expressions (DAX) through Power BI REST APIs.

2

Install the Microsoft Fabric Capacity App

  1. Navigate to the Apps section on the side bar of Power BI.

  2. Search for the Microsoft Fabric Capacity App and add it.

  3. Navigate to the Microsoft Fabric Capacity Metrics workspace that is created with the app.

  4. Go to Manage Access and grant Admin permissions to the Azure security group

  5. Run the app for the first time to start data flowing into the semantic model.

    1. Note: The ID of the dataset/semantic model for the Fabric Capacity Metrics will be needed to complete the setup for Capacity monitoring in the Datalogz Control Tower Power BI connector.

      1. This can be found in the URL when viewing the semantic model in your web browser.

The full documentation for the Microsoft Fabric Capacity App can be found here.

For questions or assistance with this setup, please contact Datalogz support support@datalogz.io

Tableau

Applies to: Tableau Cloud, Tableau Server

The following guide will walk you through how to set up a Tableau connector in the Datalogz Control Tower using the personal access token method for authentication. This is Tableau's recommended method for authentication to the Tableau REST API without requiring hard-coded credentials or user interactive sign-in.

Setup Overview

Below is the order of operations for completing the Tableau connector setup

  1. Create a Tableau personal access token

  2. Create a Tableau connector in Datalogz Control Tower

Setup Detail

1

Generate a Tableau personal access token

  1. Follow the steps outlined here on generating a personal access token

Note: The user creating the personal access token (PAT) should have a Site Administrator role:

  1. Site Administrator Creator (recommended)

  2. Site Administrator Explorer

There are several pieces of information required from your Tableau host to complete the next steps.

  1. Host URL

    1. This is everything after https:// but before /#/

      1. Example: https://prod-useast-a.online.tableau.com/#/site/...

  2. Site Name

    1. This everything after /site/ but before /home

      1. Example: ...tableau.com/#/site/mysite/home

  3. API Version

    1. This table identifies which version of Tableau Server and Cloud correspond to the supported version of the ReST API.

  4. Personal Access Token Name

    1. This will be the name you specified in the creation of the personal access token above.

  5. Personal Access Token Secret

    1. This will be the value generated as the Secret

Note: The steps above will need to be repeated for each additional site as connectors are site specific.

2

Create a Tableau connector in the Datalogz Control Tower

  1. Log in to your Datalogz account

  2. Navigate to your organizations connectors

  3. Select New Connector

  4. Select Tableau

  5. Enter the following information obtained in the previous steps

    1. Host

    2. Site Name

    3. API Version

    4. Access Token Name

    5. Access Token Secret

  6. Click Connect

  7. Enter a Connector Name

  8. Select the snapshot frequency, e.g., Weekly or Daily

  9. Click Next

  10. Click Confirm and Finish

The additional activity log capture setup is optional, but highly recommended as it provides a way to analyze and audit tenant and site events.

1

Configure Tableau Cloud Activity Log

  1. Follow the steps outlined here.

Note: The following information will be needed to complete the setup with Datalogz Control Tower

  1. S3 Bucket Name

  2. Access Key ID

  3. Secret Access Key

  4. S3 Region

2

Configure Datalogz Control Tower Tableau Connector

  1. Go to the connector details page of the Tableau connector created in the previous setup.

  2. Enable the toggle next to AWS S3 Activities

  3. Enter in the following information:

    1. S3 Bucket Name

    2. S3 Access Key Id

    3. S3 Secret Access Key

    4. S3 Region

  4. Click Save

For questions or assistance with this setup, please contact Datalogz support support@datalogz.io

Qlik Sense

Applies to: Qlik Sense Enterprise on Windows

This guide will walk you through how to set up a Qlik Sense connector in the Datalogz Control Tower using the virtual proxy with header method for authentication. This Qlik method for authentication is easy to set up and a good choice for a development environment or between trusted systems.

Setup Overview

Below is the order of operations for completing the Qlik Sense connector setup

  1. Create a virtual proxy with header authentication in the Qlik Management Console (QMC)

  2. Create a Qlik Sense connector in Datalogz Control Tower

Setup Detail

1

Create a virtual proxy with header authentication in the Qlik Management Console (QMC)

  1. Follow the steps outlined here

Note: Note the following information will be needed to continue:

  1. Qlik Sense host URL

  2. Virtual proxy prefix

  3. Virtual proxy header name

  4. Virtual proxy header value

2

Create a Qlik Sense connector in Datalogz Control Tower

  1. Log in to your Datalogz account

  2. Navigate to your organizations connectors

  3. Select New Connector

  4. Select Qlik Sense

  5. Enter the following information obtained in the previous steps

    1. Host

    2. Virtual proxy prefix

    3. Virtual proxy header name

    4. Virtual proxy header value

    5. (Optional) NPrinting configuration. See below

  6. Click Connect

  7. Enter a Connector Name

  8. Select the snapshot frequency, e.g., Weekly or Daily

  9. Click Next

  10. Click Confirm and Finish

3

(Optional) NPrinting Details

Note: NPrinting setup is optional, but highly recommended as it provides a way to monitor usage and distribution of reports from Qlik Sense. The steps below assume that NPrinting is already installed and configured in your environment and that you have the following information.

  1. NPrinting Server Name

  2. NPrinting Port

  3. NPrinting User Domain

  4. NPrinting User Name

  5. NPrinting Password

For questions or assistance with this setup, please contact Datalogz support support@datalogz.io

Qlik Sense Details

Qlik Sense Metadata

  • Qlik Sense data in the Datalogz Control Tower comes from four sources: the QRS API, the Engine API, server audit logs, and the NPrinting API

  • Together, the information from these sources paint a detailed picture about what resources are stored in the Qlik Sense and NPrinting environments and how they are used

  • Metadata is aggregated across sources to generate comprehensive alerts and insights

    • For instance, be aggregating across data from the QRS API, Engine API, and audit logs, we can determine if third party tools, such as VizLib, are going unused

QRS API

  • From Qlik’s Repository Service API, we fetch most metadata about users and resources in the Qlik Sense environment

  • This includes details about apps, data connections, tasks, users, licenses, and user directories

  • In platform, this information makes up the Inventory page and backs several monitors and visualizations in the Insights and Exec views

Datalgoz Table
API Endpoint
Description of Data

qlik_sense_apps

/app/full

Metadata about apps in Qlik, including when it was created and last reloaded at, which stream it belongs to, its publication status, file size, and more.

qlik_sense_data_connections

/dataconnection/full

Metadata about data connections in Qlik, including the connection string, connection type, who the owner is and who last updated it.

qlik_sense_license_access_type_overview

/license/accesstypeoverview

A snapshot of the total number of licenses of each type and a breakdown of how many are used vs. available.

qlik_sense_analyzer_license_users

/license/analyzeraccesstype/full

All users with the analyzer license type.

qlik_sense_professional_license_users

/license/professionalaccesstype/full

All users with the professional license type.

qlik_sense_streams

/stream/full

Metadata about streams in Qlik, including the owner and when it was created and last updated.

qlik_sense_tasks

/task/full

Metadata about the various tasks in Qlik (reloads, external programs, user syncs, and distributes), including the last execution duration and status, whether it is manual or automatic, and the next execution time.

qlik_sense_user_directories

/userdirectory/full

Metadata about the user directories in the Qlik environment, including the type of directory and when it last successfully synced.

qlik_sense_users

/user/full

Metadata about users in Qlik, including their roles and attributes and which directory they’re a member of.

Engine API

  • From Qlik’s Engine API, we are able to fetch more detailed information about apps than is available in the QRS API

  • This includes an overview of the types of visualizations in each app as well as lineage information, such as which QVD files are referenced in an app

  • In platform, this metadata is used in the Insights page

Datalgoz Table
API Endpoint
Description of Data

qlik_sense_app_elements_agg_engine

GetAllInfos

A mapping of each element type to the apps that contain it.

qlik_sense_qvd_files_agg_engine

GetLineage

A mapping of each QVD file to the apps that reference it.

qlik_sense_apps_agg_engine

GetAllInfos, GetLineage

A comprehensive apps metric table, including the app element types and QVD files in each app.

Audit Logs

  • From Qlik’s server audit logs, which we ingest via a connection to an S3 bucket, we are able to obtain user activity information, including app opens, file uploads, and logins

  • When combined with data from the QRS and Engine APIs, this information is used to produce alerts and insights regarding unused apps and licenses, as well as governance and security concerns such as suspicious logins or unauthorized app access

Datalgoz Table
Source
Description of Data

qlik_sense_activity_audit

C:\ProgramData\Qlik\Sense\Log\Repository\Audit\AuditActivity_Repository

An audit log of user actions in Qlik, such as app opens and file uploads.

qlik_sense_security_audit

C:\ProgramData\Qlik\Sense\Log\Repository\Audit\AuditSecurity_Repository

An audit log of security-related user actions in Qlik, such as logins and user directory syncs.

NPrinting

  • From Qlik’s NPrinting API, we fetch metadata about the resources and users in the NPrinting environment

  • Together, this metadata provides another layer of usage information about the apps in the Qlik Sense environment

Datalgoz Table
API Endpoint
Description of Data

qlik_sense_nprinting_apps

/apps

Metadata about apps in NPrinting, including when it was created and last updated.

qlik_sense_nprinting_connections

/connections

Metadata about connections in NPrinting, including the connection status, source, and associated app.

qlik_sense_nprinting_reports

/reports

Metadata about reports in NPrinting, including the report type and output formats.

qlik_sense_nprinting_roles

/roles

Details about each of the role types in NPrinting and whether it’s enabled in the environment.

qlik_sense_nprinting_task_executions

/tasks/<task_id>/executions

A log of the task executions in the NPrinting environment, including the execution type and completion status.

qlik_sense_nprinting_tasks

/tasks

Metadata about tasks in NPrinting, including the task type, whether it is enabled, and the associated app, when applicable.

qlik_sense_nprinting_user_roles

/users/<user_id>/roles

A mapping of NPrinting users to the roles assigned to them.

qlik_sense_nprinting_users

/users

Metadata about users in NPrinting, including their email and domain account.

Spotfire

This guide will walk you through how to set up a Spotfire connector in Datalogz.

Datalogz' Spotfire connector directly extracts metadata from your Oracle database. Support for other database types isn't available at this time.

Prerequisites:

  1. Hostname, the address at which we access Spotfire.

  2. A username and password that can connect to the Spotfire server.

  3. A service name

  4. (Optional) The Oracle protocol

  5. Determine your connection method: via hostname and SID or DNS

Step 1: Connect to Spotfire in Datalogz' Control Tower

  1. Log in to your Datalogz account.

  2. Go to Settings > Connector.

  3. Click New Connector > Spotfire.

  4. Enter the connection details.

  • For the hostname/SID connection:

Parameter
Description

Username

The user account credential for logging into the external database (not your Spotfire user). This user must have permissions to access the data Spotfire needs.

Password

The secret string associated with the database username, used for authenticating with the external database.

Hostname

The network address (domain name or IP address) of the database server where your data resides.

Protocol

The specific communication method or standard used by Spotfire to interact with the database server. While often implicit with the chosen connector, it ensures the correct "language" is spoken.

Service Name / SID

Specific to Oracle databases.&lt;br/>- Service Name: A logical name identifying an Oracle database instance or group of instances (preferred, modern).&lt;br/>- SID (System Identifier): A unique name for a specific Oracle database instance (older, still used).

Is SSL Connection?

A boolean flag indicating whether the communication between Spotfire and the database should be encrypted using SSL/TLS.

  • For the DSN connection:

Parameter
Description

Username

The user account credential for logging into the external database (not your Spotfire user). This user must have permissions to access the data Spotfire needs.

Password

The secret string associated with the database username, used for authenticating with the external database.

Have DSN string?

Indicates whether Spotfire should use a pre-configured Data Source Name (DSN) on the system to connect to the database. A DSN is a stored configuration that contains all the underlying connection details (hostname, database name, driver, etc.).

Click Connect.

Step 2: Choose Connector Components

  1. Select the asset information you want to ingest in Datalogz' Control Tower.

  2. Set a synchronization schedule.

  3. Click Next.

  4. Review the setup and click Confirm and Finish.

Once you confirm and finish the connector setup, it will run automatically.

For more questions, please contact Datalogz support support@datalogz.io

Invite & Manage Members

Overview

Root users and admins can manually invite, suspend, and promote members from the user's settings page.

Invite members

Send an invitation

To send an invitation:

  1. Go to the Teams > Users

  2. Click Invite Users.

  3. Enter the invitee(s) email address, and assign the user type.

  4. Click Add.

  5. Click Send invites. New members will receive an invite link via email along with steps to join the workspace.

User Roles

Root Admin

Root Admin have the highest organizational privilege and can only be assigned by the Datalogz team during the onboarding.

Root Admin are the only users who can:

  • View or edit connectors

  • Grant or remove Admin roles

  • Manage login methods

  • Create a new Team

Admin

Admins have the second highest privilege in assigned Teams and synced projects/workspace/streams.

Admins can

  • Invite and manage users

  • Rename Teams

  • Edit monitor and alerts

Admins can not

  • View or edit connectors

  • Delete a Team

Member

Members are viewers and collaborators in assigned Teams, projects/workspaces/streams.

Delete member

To delete a user from Datalogz

  1. Go to Teams > Users

  2. Find the member's name, and click on the delete icon in the same column

The user will be removed from Datalogz and unable to access it unless they are re-invited.

To remove a member from a Team

  1. Go to Teams

  2. Click on the Team's name

  3. Deselect a member's name

The member will be removed from the Team and unable to access assigned projects/workspaces/streams. The member will remain a user in Datalogz.

Teams

Create teams in your organization to assign different projects/workspaces/streams.

Overview

After the initial onboarding, by default, Datalogz will generate a team with the highest privileges for your organization. Root Users can create and split teams. Any user can be part of one or many teams.

To group users

  • who work together frequently

  • who work on one area of work, such as finance, marketing, etc.

  • who share the same level of access, such as executives, global admin, etc.

View Your Team(s)

The teams you are a member of will be listed in Team and in the top-left dropdown.

The current team you navigate in will be shown in the field of the dropdown.

Create a Team

  • Go to Teams, click on New Team in the upper right of the table.

  • Create a name for the team

  • Assign a connector

  • Assign Platform Contexts

  • (Optional) Select Users

You can assign only one connector to one team at a time.

Timezone

Timezone is automatically set at localtime based on the user's IP address.

Access Control

All members of a team can view their team. Only Root User can create new teams. Both Root User and Admin can invite members to their teams. Anyone can view default insights, default monitors, and default alerts. Members in teams can view team insights, team monitors, and team alerts, as long as they are not private.

Delete a team

Deleting a team will not delete a user. But it will permanently delete any connectors and platform contexts associated with it. This can't be undone, and the data cannot be recovered.