Analyzing DarkShield Results

 


The IRI Workbench GUI for DarkShield produces multiple output logs from search and masking operations. More specifically, DarkShield jobs built in the Workbench and run through the on-premise DarkShield APIs for searching and masking generate actionable dashboard charts, plus human- and machine-readable log files that auditors can examine or export for analysis in other log visualization tools like Splunk, Grafana and Datadog.

Here is a complete listing of all the DarkShield job (log) artifacts currently available:

  1. PII discovery annotations and masking results, in separate JSON files, for searching and masking jobs run from IRI Workbench (and thus through a DarkShield API)
     
  2. Operational audit logs with user and runtime details, also in JSON, for each job run from IRI Workbench or in CLI mode
     
  3. PII discovery results, in delimited text format, for reporting through IRI CoSort SortCL, Excel, Splunk, etc.
     
  4. Workbench error log output, sent directly to the Workbench error log
     
  5. Logs for DarkShield API server operations, sent to the target(s) defined in a secure log4j2 configuration file in the conf directory of a DarkShield API distribution
     
  6. A self-updating audit log dashboard view for DarkShield API jobs, displaying the number of unsuccessful completions and the total volume of data processed. A Gantt chart can also be displayed to show DarkShield job execution times over a period of time.

  7. An actionable Graph option, accessible from the context menu when right-clicking a .dsc file, which generates an HTML file that displays dashboard charts of aggregate DarkShield (search) annotation and (masking) results data. These charts allow you to interact with summary data more visually.

Frequently Asked Questions (FAQs)

1. What are DarkShield audit logs and why are they important?
DarkShield audit logs are detailed records of every search and masking job run in IRI Workbench or through the DarkShield API (including the CLI). They provide proof of what data was discovered, masked, and when, which is essential for compliance, security audits, and internal reporting.
2. How does DarkShield capture search and masking results?
DarkShield generates separate JSON files for PII discovery annotations and masking results. These files include all found values, their locations, and what actions were applied, enabling full traceability of data protection activities.
3. What types of logs does DarkShield create?
DarkShield produces several log types, including operational audit logs with user and runtime details, JSON discovery and masking results, delimited text logs for reporting, Workbench error logs, and API server operation logs.
4. Can I use DarkShield logs with external tools?
Yes. The logs are human- and machine-readable, making them easy to export to visualization tools like Splunk, Grafana, and Datadog, or to analyze with IRI CoSort SortCL, Excel, or other BI/analytics platforms.
5. How does the audit log dashboard work?
DarkShield includes a self-updating dashboard view that displays the number of job completions, job failures, and the total volume of data processed. A Gantt chart is also available to visualize job execution times over a chosen time period.
6. What is the actionable graph option in Workbench?
When you right-click a .dsc file in IRI Workbench, you can generate an interactive HTML report that displays charts of aggregate search annotations and masking results. This provides an easy-to-read visual summary of job outcomes.
7. How do operational audit logs help with compliance?
Operational audit logs include user details, timestamps, and runtime metadata, creating a complete audit trail that can be shared with compliance officers and external auditors to verify adherence to data privacy regulations.
8. Can DarkShield logs be secured?
Yes. Log outputs can be directed to secure locations using the log4j2 configuration file in the DarkShield API distribution, ensuring that sensitive log data is protected and accessible only to authorized users.
9. Can I monitor jobs in real time?
Yes. The DarkShield dashboard provides real-time progress updates while jobs are running, so you can track completion status and identify any errors immediately.
10. How do logs support troubleshooting?
Workbench error logs and API operation logs provide diagnostic information that helps identify issues in job execution. These logs can be reviewed by administrators to adjust configurations or resolve any processing errors quickly.