Reporting ========= Overview -------- The Swivel Administration Console allows a limited number of reports to be generated and scheduled. This document outlines some of the information that can be queried through the reporting feature. * The **Audit Log** is where Swivel maintains an activity log for users. For more information on the Audit Log feature within Swivel, see the :doc:`AuditLog`. * For information on querying a built in MariaDB database, see :doc:`DatabaseQueries` and for a MS SQL database see the :doc:`MicrosoftSQLServer`. * Also see the :doc:`API`. Reporting Access and Restrictions --------------------------------- Swivel reports from a global database. Where access is restricted for Helpdesk users to specific repositories and groups, it may be necessary to disable the reporting function for Helpdesk users. However, reports can be produced by Administrative level users by creating scheduled reporting based on the required groups. These reports can then be made available to the relevant Helpdesk users managing those groups, such as through automated emails. Producing Instant Reports ------------------------- #. From the Swivel Administration console select **Reporting** then **Instant**. .. image:: /images/Reporting/SelectReport.png :alt: Swivel Reporting Select a Report :align: center #. Depending on the report, additional parameters may be selected. .. image:: /images/Reporting/Parameters.png :alt: Swivel Reporting Enter Parameters :align: center #. Click on **Run Report** to generate data. #. Clicking on **Export as XML** or **Export as CSV** allows the report to be saved from the browser. Producing Scheduled Reports --------------------------- From the Swivel Administration console select **Reporting** then **Scheduled**. Existing scheduled reports are listed. For information on creating custom schedules see :doc:`Schedule`. To create a new scheduled report click on **Add**. .. image:: /images/Reporting/Schedule.png :alt: Swivel Reporting New Report :align: center Enter the following information: * **Name:** Name for the report. * **Report:** Select the required report. * **Schedule:** How often the report is run. * **Format:** The output format for the report (XML or CSV). * **Filename:** The filename given to the report. For multiple reports to be run at the same time this should be unique. Example: ``inactive_users_%d-%t.txt`` creates a file called ``inactive_users_date-time.txt``. * **Email:** Ticking this box enables reporting by email. This function is available from Swivel 3.10 onwards. The email address is set under **Policy -> Reporting**. * **Enabled:** Ticking this box enables the report to be run. Apply the settings to save them. Scheduled Report File Locations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scheduled reports are stored within the Swivel installation and vary depending upon the install type and version. * **Swivel 3.9.1 onwards (Appliance/Software):** ``/.swivel/reporting`` * **Swivel 3.9:** ``/WEB-INF/reports`` **Path Definitions:** * For an appliance ```` is: ``/usr/local/tomcat/webapps/pinsafe`` * For a Windows 3.9.1 installation, ```` will depend on the user account under which Tomcat is running, and will typically be ``C:\Users\Account``. You can check the actual directory from the PINsafe Administration Console Status page. Look for **Data Storage Root**. * For a Swivel 3.9 software install under Windows, ```` is usually: ``C:\Program Files\Apache Software Installation\Tomcat 5.5\webapps\pinsafe``. Adjust accordingly if using a different version of Tomcat. Report Date Format ------------------ The report date format can be set on the Swivel Administration console under **Server -> Language -> Date Format**. Available Reports ----------------- * List all users * List all users with no activity since a given date * List all users with no activity within a given number of days * List login failures and self-resets since the last successful login * List creation time and latest login for all users * List users that have never logged in * List number of users hourly logged Custom Reports -------------- .. warning:: Always backup files before editing. The report definition file is located at: * **Appliances after 3.9:** ``/home/swivel/.swivel/conf/reports.xml`` * **Appliances up to 3.9:** ``/usr/local/tomcat/webapps/pinsafe/WEB-INF/conf/reports.xml`` * **Software install after 3.9:** ``/.swivel/conf/reports.xml`` * **Software install up to 3.9:** ``/webapps/pinsafe/WEB-INF/conf/reports.xml`` See above for details on finding the location of ````. The default contents of this file at the time of writing is as follows: .. code-block:: xml ---- Please select a report to run ---- No report selected List all users Lists all usernames in the PINsafe database
Username
 H PINSAFEJ List idle users Lists users that have not logged in since a specified date
Username
Last Login
 U.H, A.D PINSAFEJ U LEFT OUTER JOIN PINSAFEN A ON U.G = A.A AND A.C = 0 A.D IS NULL OR A.D < ? User fail count and reset count Lists the number of consecutive login failures and self-resets since the last successful login for all users
Username
Fail Count
Reset Count
 H, B, F PINSAFEJ Latest connection for all users Lists the creation time and last login time for all users
Username
Created
Last Login
 U.H, A1.D, A2.D PINSAFEJ U INNER JOIN PINSAFEN A1 ON U.G=A1.A AND A1.C=3 LEFT OUTER JOIN PINSAFEN A2 ON U.G=A2.A AND A2.C=0 Users that have never logged in Lists all users that have never successfully logged into PINsafe
Username
 H PINSAFEJ G NOT IN (SELECT DISTINCT A FROM PINSAFEN WHERE C=0) Adding New Reports ------------------ Currently, requests for new reports can be made via your reseller to PINsafe support (`supportdesk@swivelsecure.com `_). Once you've obtained a new report, the easiest way to add it to the configuration file above is to use WinSCP. See the :doc:`WinSCP_how_to_guide` for further information. To add custom reports to the built-in reporting feature of PINsafe, append the XML block to the ``reports.xml`` file. Insert new reports immediately before the last line: ````. Once you have installed the report, go to **Reporting -> Instant**, and the new report should be available from the drop-down list. You do not need to restart Tomcat; the list is reloaded every time the report page is displayed. .. warning:: We do not recommend writing your own reports, but for those who are competent with SQL and recognize that the reports are essentially XML-encoded fragments of SQL statements, you can get the full database schema for the Swivel database from the :doc:`DatabaseSchema`. .. note:: Any reports that reference the policy flags table, ``PINSAFEC``, will **not** work with Sentry version 4.2 or later, and must reference the new status flags table, ``PINSAFES``. Custom reports listed below that need changing are noted as such, and two alternatives are given. Creation time, last login and number of logins ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This report lists all successful logins within the last 30 days (the audit trail is only kept for 30 days by default, but can be set to a different value). .. code-block:: xml Login count and latest login for all users Lists the creation time, last login time and number of logins for all users
Username
Created
Last Login
Login Count
 U.H, MAX(A1.D), MAX(A2.D), COUNT(AU.G) PINSAFEJ U INNER JOIN PINSAFEN A1 ON U.G=A1.A AND A1.C=3 LEFT OUTER JOIN PINSAFEN A2 ON U.G=A2.A AND A2.C=0 INNER JOIN PINSAFEM AU ON U.G=AU.G AND AU.A=0 GROUP BY U.G, U.H If you want to include users that have not logged in within the last 30 days, change ``INNER JOIN PINSAFEM`` to ``LEFT OUTER JOIN PINSAFEM``. List all users, together with their login count ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This report lists the First Name, Last Name, Username, Phone Number, Creation Date, Last Login Date, and Login Count. *Note: creation date is valid if within length of audit time.* .. code-block:: xml User details with login count Lists all users, together with their login count over the last 30 days, and last login time
Username
First name
Last name
Phone
Created
Latest login
Login count
 U.H, ATT1.C, ATT2.C, ATT3.C, ACT1.D, ACT2.D, AUD.CT List users of a particular group showing their last login over the last month ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You will be prompted for the group *name*. Type in the actual name of the group. Remember it is the Swivel group name, not the Active Directory FQDN. .. code-block:: xml Authentication by User in a Group List of users in a particular group, listing their logins over the last month
Group
Username
Login Date
 G.A, U.H, A.E PINSAFEM A INNER JOIN PINSAFEJ U ON A.G=U.G INNER JOIN PINSAFEI G ON U.G=G.B G.A=? ORDER BY U.C List Inactive Users Within a Period By Group ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note that for it to work properly, set the **Policy -> General, Audit Log length** to a suitably large value (example 365 days). .. code-block:: xml List Inactive Users Within a Period By Group List members of a given group who did not log in within a specified time
Username
Last Login
 U.H, A.D PINSAFEJ U LEFT OUTER JOIN PINSAFEN A ON A.A = U.G AND A.C = 0 JOIN PINSAFEI G ON G.B = U.G AND G.A = ? U.G NOT IN (SELECT G FROM PINSAFEM WHERE A=0 AND E >= ? AND E <= ?) Total number of users ~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Total number of users Report the total number of users in the database
Num. Users
 PINSAFEJ COUNT(*) Total number of users in each group ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Count of users in each group by repository List the number of users in each group within each repository
Repository
Group
Num. Users
 R.B, G.A, COUNT(U.G) PINSAFEJ U JOIN PINSAFEL R ON U.I=R.A JOIN PINSAFEI G ON U.G=G.B GROUP BY R.B, G.A ORDER BY R.B, G.A List users in each group ~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users in each group by repository List the users in each group by repository
Repository
Group
Users
 R.B, G.A, U.C PINSAFEJ U JOIN PINSAFEL R ON U.I=R.A JOIN PINSAFEI G ON U.G=G.B ORDER BY R.B, G.A, U.C List all OATH users ~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users allocated OATH tokens Lists all users that have been allocated OATH tokens
User
 U.H PINSAFEJ U JOIN PINSAFEQ T ON U.G=T.C List users with Mobile permissions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users entitle to use mobile client Lists users that have the "Mobile" right
User
 U.H PINSAFEJ U JOIN PINSAFEB R ON U.G = R.B R.A = 2 List users with a provisioned Mobile device ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users with provisioned mobile clients Lists users that have provisioned their mobile clients
User
 U.H PINSAFEJ U JOIN PINSAFEO M ON U.G = M.C List users with Mobile client rights that have not yet provisioned a device ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users that have not yet provisioned a mobile device Lists users that have the right to use a mobile client, but have not yet provisioned one
User
 U.H PINSAFEJ U JOIN PINSAFEB R ON U.G = R.B AND R.A=2 U.G NOT IN (SELECT C FROM PINSAFEO) List the number of login failures for all users ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Count of failed logins for all users Lists the number of failed logins for each user, to the extent of the audit records
Username
Fail Count
 I, Count(A) PINSAFEM A=14 group by I order by I List of users that provisioned before a given date ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users that provisioned before a given date Lists users that last provisioned their mobile app earlier than a specified date.
Username
Provision date
 U.H, A.D PINSAFEJ U JOIN PINSAFEO M on U.G = M.C JOIN PINSAFEN A on U.G = A.A and A.C=15 A.D < ? List unprovisioned Mobile Users for a given date ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List Unprovisioned Mobile Users older than given date Lists users, together with the latest date that they Provisioned
Username
Last Changed
 U.H, U.C name, MAX(A.D) lastdate PINSAFEJ U JOIN PINSAFEB R ON U.G = R.B AND R.A=2; PINSAFEJ U JOIN PINSAFEN A on U.G=A.A and A.C in (1,2,3,6) group by A.A having date < ? order by lastdate U.G NOT IN (SELECT C FROM PINSAFEO) List the number of login failures since a given date, for all users ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Count of failed logins since a given date for all users Lists the number of failed logins for each user, since a given date
Username
Fail Count
 I, Count(A) PINSAFEM A=14 and E>? group by I order by I List the last PIN change for all users ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *Note: There are different versions for different databases.* **For MySQL, MariaDB, MSSQL:** .. code-block:: xml List of PIN changes by date Lists all users, together with the latest date that their PIN was changed, or the creation date if never changed, starting with the oldest
Username
Last Changed
 U.C name, MAX(A.D) lastdate PINSAFEJ U JOIN PINSAFEN A on U.G=A.A and A.C in (1,2,3,6) group by A.A order by lastdate **For Internal Database:** .. code-block:: xml List of PIN changes by date Lists all users, together with the latest date that their PIN was changed, or the creation date if never changed, starting with the oldest
Username
Last Changed
 U.C name, Q.DD lastdate PINSAFEJ U JOIN (SELECT A, Max(D) DD FROM PINSAFEN where C in (1,2,3,6) group by A) Q on U.G = Q.A order by lastdate List PIN changes older than a given date ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **For MySQL, MariaDB, MSSQL:** .. code-block:: xml List of PIN changes older than given date Lists users, together with the latest date that their PIN was changed, or the creation date if never changed, starting with the oldest, given a date cutoff
Username
Last Changed
 U.C name, MAX(A.D) lastdate PINSAFEJ U JOIN PINSAFEN A on U.G=A.A and A.C in (1,2,3,6) group by A.A having date < ? order by lastdate **For Internal Database:** .. code-block:: xml List of PIN changes older than given date Lists users, together with the latest date that their PIN was changed, or the creation date if never changed, starting with the oldest, given a date cutoff
Username
Last Changed
 U.C name, Q.DD lastdate PINSAFEJ U JOIN (SELECT A, Max(D) DD FROM PINSAFEN where C in (1,2,3,6) group by A) Q on U.G = Q.A Q.DD < ? order by lastdate Lists the number of logins for each hour ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *Note: For MariaDB and MySQL only.* .. code-block:: xml List of logins by hour Lists the number of logins for each hour
Date/Time
Count
 HOUR(E), COUNT(*) PINSAFEM A=0 GROUP BY HOUR(E) List number of logins for each day and hour for the last 7 days ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of logins by Day and Hour Lists the number of logins for each day and hour for the last 7 days
Date
Hour
Count
 DATE(E), HOUR(E), COUNT(*) PINSAFEM A=0 AND E<CURDATE() AND E>DATE_SUB(CURDATE(), INTERVAL 7 DAY) GROUP BY DATE(E), HOUR(E) Enhancement to the previous report (failures + group restrict) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of logins by Day and Hour for a group Lists the number of logins or failures for each day and hour for the last 7 days
Date
Hour
Count
 DATE(E), HOUR(E), COUNT(*) PINSAFEM (A=0 OR A=14) AND E<CURDATE() AND E>DATE_SUB(CURDATE(), INTERVAL 7 DAY) AND G IN (SELECT B FROM PINSAFEI WHERE A=?) GROUP BY DATE(E), HOUR(E) List users that have been recently deleted ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml List of users that have been deleted recently Lists usernames that have been permanently deleted, but who still appear in the audit table
Username
 DISTINCT(I) PINSAFEM I NOT IN (SELECT C FROM PINSAFEJ) Custom Reports for Multiple Database Types ------------------------------------------ The following reports will work with differing database types as the database is specified within the report as ``db="mysql"``, ``db="mssql"``, etc. Users marked as deleted ~~~~~~~~~~~~~~~~~~~~~~~ This report needs to be modified to work with Sentry version 4.2 onwards. **Version 4.2 onwards:** .. code-block:: xml List of users marked as deleted List all users who are currently marked as deleted.
Username
 U.H PINSAFEJ U INNER JOIN PINSAFES F ON U.G=F.A F.D & 1 = 1 List of users marked as deleted recently List all users who have been marked as deleted in the last #days.
Username
Date
 U.H, A.D PINSAFEJ U INNER JOIN PINSAFEC F ON U.G=F.C AND F.B=4 AND F.D=1 INNER JOIN PINSAFEN A ON U.G=A.A AND A.C=10 F.D & 1 = 1 AND A.D > DATE_SUB(NOW(), INTERVAL ? DAY) F.D & 1 = 1 AND A.D > DATEADD(day, -?, GETDATE()) F.D & 1 = 1 AND A.D > ADD_DAYS(SYSDATE, -?) F.D & 1 = 1 AND {fn TIMESTAMPDIFF(SQL_TSI_DAY, A.D, CURRENT_DATE)} < ? **Up to version 4.1.3:** .. code-block:: xml List of users marked as deleted List all users who are currently marked as deleted.
Username
 U.H PINSAFEJ U INNER JOIN PINSAFEC F ON U.G=F.C AND F.B=4 AND F.D=1 List of users marked as deleted recently List all users who have been marked as deleted in the last #days.
Username
Date
 U.H, A.D PINSAFEJ U INNER JOIN PINSAFEC F ON U.G=F.C AND F.B=4 AND F.D=1 INNER JOIN PINSAFEN A ON U.G=A.A AND A.C=10 A.D > DATE_SUB(NOW(), INTERVAL ? DAY) A.D > DATEADD(day, -?, GETDATE()) A.D > ADD_DAYS(SYSDATE, -?) {fn TIMESTAMPDIFF(SQL_TSI_DAY, A.D, CURRENT_DATE)} < ? Users whose PIN never expires ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **Version 4.2 onwards:** .. code-block:: xml List of users whose PIN never expires Lists the names of users that have the "PIN never expires" flag set.
Username
 U.H PINSAFEJ U INNER JOIN PINSAFES F ON U.G=F.A F.B=1 The above report can be modified to show users who are marked as disabled, locked, deleted, inactive or require a PIN change, by changing the query as follows: * User must change PIN after next login: ``F.C=1`` * User disabled: ``F.D & 2 = 2`` * User locked (any reason): ``F.D & 124 <> 0`` * User is marked as deleted: ``F.D & 1 = 1`` **Up to version 4.1.3:** .. code-block:: xml List of users whose PIN never expires Lists the names of users that have the "PIN never expires" flag set.
Username
 U.H PINSAFEJ U INNER JOIN PINSAFEC F ON U.G=F.C F.B=3 AND F.D=1 The above report can be modified to show users who are marked as disabled, locked, deleted, inactive or require a PIN change, by changing the value of **F.B** in the query as follows: * 0 - User disabled * 1 - User locked * 2 - User must change PIN after next login * 3 - User's PIN never expires * 4 - User is marked as deleted * 5 - User is inactive All User Logins, including login location ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *Note: This will only report logins as far back as audit records are retained (default 30 days). Most AgentXML integrations (e.g., OWA) do not report the user's location.* .. code-block:: xml All recent connections for all users Lists the login times and location (where available) for all users, within the audit retention time
Username
Created
Last Login
Location
 U.H, A1.D, AU.E, AU.B PINSAFEJ U INNER JOIN PINSAFEN A1 ON U.G=A1.A AND A1.C=3 LEFT OUTER JOIN PINSAFEM AU ON U.G=AU.G AND AU.C=0 1 ORDER BY U.H, AU.E DESC All user logins and failures for a given group ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Details of User logins List of all logins and login failures within a given time for a given group
Username
Activity
Date/Time
Location
Details
 I, if(A=0, 'login', 'failed'), E, B, C PINSAFEM (A=0 OR A=14) AND DATEDIFF(CURRENT_DATE(), E) < ? AND G IN (SELECT B FROM pinsafei WHERE A=?) ORDER BY I, E desc All login failures in the last few hours ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Count of failed logins in the last x hours Lists the number of failed logins for each user in the last few hours
Username
Fail Count
 I, Count(A) PINSAFEM A=14 and E>DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? HOUR) group by I order by I Other Reports ------------- Idle Users for the last 180 days but created over 30 days ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Users who never logged in over 180 days but created over 30 List the number of users who have never logged in over the last 180 days but created more than 30 days ago
Username
 U.H PINSAFEJ U JOIN PINSAFEN A1 ON U.G = A1.A AND A1.C = 3 LEFT OUTER JOIN PINSAFEN A2 ON U.G = A2.A AND A2.C=0 List inactive users, locked, disabled, deleted and show creation date ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **Version 4.2 onwards:** .. code-block:: xml Users inactive, locked, disabled, deleted and show creation, login, PIN change date List all Users inactive, locked, disabled, deleted and show creation, login, PIN change date
UID
REPOS
DISABLED
LOCKED
DELETED
INACTIVE
CREATED
LOGGEDIN
PINCHANGE
 0, S.D & 1 = 1, S.D & 8 = 8, A1.D, A2.D, A3.D]]> **Up to version 4.1.3:** .. code-block:: xml Users inactive, locked, disabled, deleted and show creation, login, PIN change date List all Users inactive, locked, disabled, deleted and show creation, login, PIN change date
UID
REPOS
DISABLED
LOCKED
DELETED
INACTIVE
CREATED
LOGGEDIN
PINCHANGE
 U.H, R.B, S1.D, S2.D, S3.D, S4.D, A1.D, A2.D, A3.D List Users IDs, email, creation date, last login, last pin change and repository name ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: xml Users IDs, email, date, last login, last pin change and repo name Lists all the Users Ids, email address, created date, last login, last pin change and repository name
Username
ReposName
Email
CreateDate
LoginDate
PINChange
 U.H, U.E, T.A, A1.D, A2.D, A3.D Writing Your Own Reports ------------------------ This section is intended only for customers who are familiar with writing SQL queries, and with XML. Database Schema ~~~~~~~~~~~~~~~ While writing your report, refer to the :doc:`DatabaseSchema` page for reference on the database table and column names used by Swivel. Report Definition Format ~~~~~~~~~~~~~~~~~~~~~~~~ A report definition is an XML element, which includes elements of a SQL query, plus display information. The format is: .. code-block:: xml Report Title Report description
header1
... SQL-fields SQL-tables-and-joins SQL-query ... * **reportName:** Used internally, must be unique. * **Display Elements:** ````, ``<description>``, and ``<headers>``. The title is displayed in the drop-down. The number of headers should match the number of columns in the field list. * **SQL Query:** The query is built as: ``SELECT SQL-fields FROM SQL-tables-and-joins WHERE SQL-query`` * **query:** Optional. If missing, no WHERE clause is added. You can add "ORDER BY" or "GROUP BY" to the query element, or to the tables element. * **params:** Used to set values for replaceable parameters within the query. Types must be "String", "Integer" or "Date" (case-sensitive). Troubleshooting --------------- **HTTP Status 500 error when selecting a new report** Versions 3.8 to 3.9.3 may produce an error similar to: .. code-block:: text java.lang.IllegalArgumentException: fromIndex(50) > toIndex(0) java.util.SubList.<init>(Unknown Source) java.util.AbstractrList.subList (Unknown Source) com.swiveltechnologies.pinsafe.server.reporting.ReportResult.getRows (ReportResult.java:122) **Cause:** This is caused by the last page you were on when you used a report. For example, if you were on page 4 of one particular report, but then attempt to access another report which does not contain 4 pages, it will attempt to access page 4 of that report instead of page 1 and fail. **Solution:** Upgrade Swivel, or as a workaround, make sure that you request page 1 of a report before leaving the reporting page. Closing down the web browser should also alleviate this.