Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
A Datalogz account and license activation are pre-requisites to the following setup guides and should be completed prior to starting.
Please contact if you do not have an active account and license before continuing.
To get started head over to Settings >> BI Connectors or and then follow the steps outlined for your connector type.
We recommend to use a Creator license with the Site Administrator Creator role for the easiest setup and most complete ingestion result.
Tableau activity metadata is harvested from an S3 file. Datalogz needs access to the S3 bucket where the file is stored.
Datalogz supports the following licenses:
Creator License (recommended)
Explorer License
Datalogz supports the following roles to connect to your Tableau site and harvest metadata:
Administrator
Explorer, with
First, make sure that the following settings are enabled in Settings > General:
Data Management, which is required to run the Tableau Metadata API and give the Explorer user access to databases and tables.
Automatically grant authorized users access to metadata about databases and tables
Show complete lineage (default)
Next, give the Explorer access to Tableau projects:
For large projects that change often, we recommend making the Explorer a project leader. This ensures that the Explorer can access all Tableau assets within the project, including databases and tables.
For projects where project leader status cannot be given, make sure that the Explorer has view access to all assets within the project.
Applies to: Tableau Cloud, Tableau Server (version 2022.3 or later)
All Tableau content
Access limited to assigned Tableau sites.
Server Administrator
All Tableau content
Full server-wide access
Viewer
Reports, workbooks, data sources (limited scope)
Not supported
Explorer (no external asset access)
Reports, workbooks, data sources (limited scope)
Supported, but without lineage. Databases and tables are not available.
Explorer (with external asset access)
Reports, workbooks, data sources, databases and tables
Requires correct permissions and Tableau Catalog settings
Site Administrator
(Recommended)
Create a Tableau connector in Datalogz Control Tower
Follow the steps outlined here on generating a personal access token
Note: We recommend to use a Site Administrator Creator user for the personal access token (PAT). If this is not available, please check the supported licenses and roles .
There are several pieces of information required from your Tableau host to complete the next steps.
Host URL
This is everything after https:// but before /#/
Example: https://prod-useast-a.online.tableau.com/#/site/...
Note: The steps above will need to be repeated for each additional site as connectors are site specific.
For questions or assistance with this setup, please contact Datalogz support [email protected]
Site Name
This everything after /site/ but before /home
Example: ...tableau.com/#/site/mysite/home
API Version
This table identifies which version of Tableau Server and Cloud correspond to the supported version of the ReST API.
Personal Access Token Name
This will be the name you specified in the creation of the personal access token above.
Personal Access Token Secret
This will be the value generated as the Secret
Enter the following information obtained in the previous steps
Host
Site Name
API Version
Access Token Name
Access Token Secret
Click Connect
Enter a Connector Name
Select the snapshot frequency, e.g., Weekly or Daily
Click Next
Click Confirm and Finish
Applies to: Power BI Premium Per User (PPU), Power BI Premium Capacity
This guide will walk you through how to set up a Power BI connection in the Datalogz Control Tower using the service principal method for authentication. This Microsoft's recommended method for running an application in an automated way, without user input.
Below follows Microsoft's documentation to enable service principal authentication for admin APIs.
Below is the order of operations for completing the Power BI connector setup
Register an application in the Microsoft Entra portal
Create a security group in the Microsoft Entra portal and add the app registration to the security group
Add the security group to the Power BI tenant
Create a Power BI connector in the Datalogz Control Tower
For questions or assistance with this setup, please contact Datalogz support
Applies to: Qlik Sense Enterprise on Windows
This guide will walk you through how to set up a Qlik Sense connector in the Datalogz Control Tower using the virtual proxy with header method for authentication. This Qlik method for authentication is easy to set up and a good choice for a development environment or between trusted systems.
Certificate authentication is available on request, but to authenticate using certificates:
Datalogz must have a copy of the client SSL certificate.
All requests must carry administrator level permissions.
Below is the order of operations for completing the Qlik Sense connector setup
Create a virtual proxy with header authentication in the Qlik Management Console (QMC)
Create a Qlik Sense connector in Datalogz Control Tower
For questions or assistance with this setup, please contact Datalogz support
Note: The Application (client) ID and the Directory (tenant) ID values in the Overview screen of the registered application will be needed for the Power BI Connector setup in the Datalogz Control Tower.
Under the Manage section of your registered application, select Certificates & secrets
Under Client secret select New client secret
Enter a Description for the client secret
In the Expires leave the default set to Recommended: 180 days (6 months)
Note: You can optionally set the expiry duration to be shorter or longer. Note however that once the client secret expires you'll have to create a new secret and re-authenticate the Datalogz Control Tower Power BI connector configuration.
Click Add
Copy the Value
Note: The generated value will be our Application Secret Value used in the Datalogz Control Tower connector setup. Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page.
Follow the steps outlined here.
Under Group type select Security
Note: Security groups are used to give group members access to applications, resources and assign licenses. Group members can be users, devices, service principals, and other groups.
Enter a Group name
Note: The group name will be needed to complete the Power BI tenant admin configuration.
Under Members select No members selected
Search for the name of the registered application, select the check box next to the name and then click Select
Search for the name of the registered application created in step 1
Click the checkbox next to the registered application and click Select
You should now see the registered application listed under Direct members
From the Power BI admin portal navigate to the Tenant settings section
Under Developer settings
Find Service principals can call Fabric public APIs
Select Specific security groups
Enter the security group created above
Under Admin API settings
Find Service principals can access read-only admin APIs
Select Specific security groups
Note: Power BI tenant configuration changes can take 15 minutes or longer to be applied.
Select Connect using a Service Principal (SP) and click Connect
Enter the following information obtained in the previous steps
Directory (Tenant) ID
Application (Client) ID
Application Secret Value
Click Connect
Enter a Connector Name
Select the snapshot frequency, e.g., Weekly or Daily
Select the kinds of workspaces you'd like to monitor, e.g., Premium, Shared, and/or Personal
Select if you'd like to capture Activity and Capacity metadata as well.
Note: For Capacity monitoring see the additional setup below
Click Next
Click Confirm and Finish
The additional capacity monitoring setup is optional, but highly recommended as it provides a way to monitor your Fabric capacity usage with the registered application created above.
From the Power BI admin portal navigate to the Tenant settings section
Under Integration settings
Find Semantic Model Execute Queries REST API
Select Specific security groups
Navigate to the Apps section on the side bar of Power BI.
Search for the Microsoft Fabric Capacity App and add it.
Navigate to the Microsoft Fabric Capacity Metrics workspace that is created with the app.
Go to Manage Access and grant Admin permissions to the Azure security group
to start data flowing into the semantic model.
Note: The ID of the dataset/semantic model for the Fabric Capacity Metrics will be needed to complete the setup for Capacity monitoring in the Datalogz Control Tower Power BI connector.
This can be found in the URL when viewing the semantic model in your web browser.
The full documentation for the Microsoft Fabric Capacity App can be found .
Qlik Sense host URL
Virtual proxy prefix
Virtual proxy header name
Virtual proxy header value
Enter the following information obtained in the previous steps
Host
Virtual proxy prefix
Virtual proxy header name
Click Connect
Enter a Connector Name
Select the snapshot frequency, e.g., Weekly or Daily
Click Next
Click Confirm and Finish
Note: NPrinting setup is optional, but highly recommended as it provides a way to monitor usage and distribution of reports from Qlik Sense. The steps below assume that NPrinting is already installed and configured in your environment and that you have the following information.
NPrinting Server Name
NPrinting Port
NPrinting User Domain
NPrinting User Name
NPrinting Password
Hostname, the address at which we access Spotfire.
A username and password that can connect to the Spotfire server.
A service name
(Optional) The Oracle protocol
Determine your connection method: via hostname and SID or DNS
Log in to your Datalogz account.
Go to Settings > Connector.
Click New Connector > Spotfire.
Enter the connection details.
For the hostname/SID connection:
Username
The user account credential for logging into the external database (not your Spotfire user). This user must have permissions to access the data Spotfire needs.
Password
The secret string associated with the database username, used for authenticating with the external database.
Hostname
The network address (domain name or IP address) of the database server where your data resides.
For the DSN connection:
Username
The user account credential for logging into the external database (not your Spotfire user). This user must have permissions to access the data Spotfire needs.
Password
The secret string associated with the database username, used for authenticating with the external database.
Have DSN string?
Indicates whether Spotfire should use a pre-configured Data Source Name (DSN) on the system to connect to the database. A DSN is a stored configuration that contains all the underlying connection details (hostname, database name, driver, etc.).
Click Connect.
Select the asset information you want to ingest in Datalogz' Control Tower.
Set a synchronization schedule.
Click Next.
Review the setup and click Confirm and Finish.
Once you confirm and finish the connector setup, it will run automatically.
For more questions, please contact Datalogz support [email protected]
Click Apply
Click Apply
Find Enhance admin APIs responses with detailed metadata
Select Specific security groups
Enter the security group created above
Click Apply
Find Enhance admin APIs responses with DAX and mashup expressions
Select Specific security groups
Enter the security group created above
Click Apply
Click Apply
Note: When enabled, users in the organization can query semantic models by using Data Analysis Expressions (DAX) through Power BI REST APIs.
Virtual proxy header value
(Optional) NPrinting configuration. See below
Protocol
The specific communication method or standard used by Spotfire to interact with the database server. While often implicit with the chosen connector, it ensures the correct "language" is spoken.
Service Name / SID
Specific to Oracle databases.
Service Name: A logical name identifying an Oracle database instance or group of instances (preferred, modern).
SID (System Identifier): A unique name for a specific Oracle database instance (older, still used).
Is SSL Connection?
A boolean flag indicating whether the communication between Spotfire and the database should be encrypted using SSL/TLS.
Qlik Sense data in the Datalogz Control Tower comes from four sources: the QRS API, the Engine API, server audit logs, and the NPrinting API
Together, the information from these sources paint a detailed picture about what resources are stored in the Qlik Sense and NPrinting environments and how they are used
Metadata is aggregated across sources to generate comprehensive alerts and insights
For instance, be aggregating across data from the QRS API, Engine API, and audit logs, we can determine if third party tools, such as VizLib, are going unused
From Qlik’s Repository Service API, we fetch most metadata about users and resources in the Qlik Sense environment
This includes details about apps, data connections, tasks, users, licenses, and user directories
In platform, this information makes up the Inventory page and backs several monitors and visualizations in the Insights and Exec views
From Qlik’s Engine API, we are able to fetch more detailed information about apps than is available in the QRS API
This includes an overview of the types of visualizations in each app as well as lineage information, such as which QVD files are referenced in an app
In platform, this metadata is used in the Insights page
From Qlik’s server audit logs, which we ingest via a connection to an S3 bucket, we are able to obtain user activity information, including app opens, file uploads, and logins
When combined with data from the QRS and Engine APIs, this information is used to produce alerts and insights regarding unused apps and licenses, as well as governance and security concerns such as suspicious logins or unauthorized app access
From Qlik’s NPrinting API, we fetch metadata about the resources and users in the NPrinting environment
Together, this metadata provides another layer of usage information about the apps in the Qlik Sense environment
/license/accesstypeoverview
A snapshot of the total number of licenses of each type and a breakdown of how many are used vs. available.
qlik_sense_analyzer_license_users
/license/analyzeraccesstype/full
All users with the analyzer license type.
qlik_sense_professional_license_users
/license/professionalaccesstype/full
All users with the professional license type.
qlik_sense_streams
/stream/full
Metadata about streams in Qlik, including the owner and when it was created and last updated.
qlik_sense_tasks
/task/full
Metadata about the various tasks in Qlik (reloads, external programs, user syncs, and distributes), including the last execution duration and status, whether it is manual or automatic, and the next execution time.
qlik_sense_user_directories
/userdirectory/full
Metadata about the user directories in the Qlik environment, including the type of directory and when it last successfully synced.
qlik_sense_users
/user/full
Metadata about users in Qlik, including their roles and attributes and which directory they’re a member of.
GetAllInfos, GetLineage
A comprehensive apps metric table, including the app element types and QVD files in each app.
/reports
Metadata about reports in NPrinting, including the report type and output formats.
qlik_sense_nprinting_roles
/roles
Details about each of the role types in NPrinting and whether it’s enabled in the environment.
qlik_sense_nprinting_task_executions
/tasks/<task_id>/executions
A log of the task executions in the NPrinting environment, including the execution type and completion status.
qlik_sense_nprinting_tasks
/tasks
Metadata about tasks in NPrinting, including the task type, whether it is enabled, and the associated app, when applicable.
qlik_sense_nprinting_user_roles
/users/<user_id>/roles
A mapping of NPrinting users to the roles assigned to them.
qlik_sense_nprinting_users
/users
Metadata about users in NPrinting, including their email and domain account.
qlik_sense_apps
/app/full
Metadata about apps in Qlik, including when it was created and last reloaded at, which stream it belongs to, its publication status, file size, and more.
qlik_sense_data_connections
/dataconnection/full
Metadata about data connections in Qlik, including the connection string, connection type, who the owner is and who last updated it.
qlik_sense_app_elements_agg_engine
GetAllInfos
A mapping of each element type to the apps that contain it.
qlik_sense_qvd_files_agg_engine
GetLineage
A mapping of each QVD file to the apps that reference it.
qlik_sense_activity_audit
C:\ProgramData\Qlik\Sense\Log\Repository\Audit\AuditActivity_Repository
An audit log of user actions in Qlik, such as app opens and file uploads.
qlik_sense_security_audit
C:\ProgramData\Qlik\Sense\Log\Repository\Audit\AuditSecurity_Repository
An audit log of security-related user actions in Qlik, such as logins and user directory syncs.
qlik_sense_nprinting_apps
/apps
Metadata about apps in NPrinting, including when it was created and last updated.
qlik_sense_nprinting_connections
/connections
Metadata about connections in NPrinting, including the connection status, source, and associated app.
qlik_sense_license_access_type_overview
qlik_sense_apps_agg_engine
qlik_sense_nprinting_reports