About the health check

This check warns you when the number of Audit log events in the database is about to exceed the set limit. By default the limit is 10 million records, regardless of the retention period you select. The limit is configurable using a system property, and is designed to ensure your database is not about to grow out of all proportion.

This check applies to the improved audit log available in Jira 8.8, Confluence 7.5 and Bitbucket 7.0 and later (Server and Data Center).

Understanding the results

What happens if I ignore the warning?

When you receive the warning, you need to take action because when you exceed 100% of the capacity, we’ll delete the events that exceed the set limit, starting with the oldest. The events will be deleted based on the timestamp, so there is a chance some important events will get deleted.

You will receive a notification when your capacity goes over 100% but there won’t be any separate message informing you that the events got deleted.

Resolution

There are several actions you can take when you’re about to reach the capacity limit. However, if you are fine with events being deleted, you don't need to take any action. 

Because we cache the event count, it will take up to an hour for the check to start passing after you have taken one of these actions. 

Review coverage levels

It might be a good idea to start with reviewing the coverage levels you have selected. If you have those set to Full, this might generate a lot of events. Especially, 3rd-party apps might create a great deal of data. If you decide, you only want the core events to be logged, select Base as your coverage level.

Learn more about the events logged at coverage levels:

• Audit log events in Jira

• Audit log events in Confluence

• Audit log events in Bitbucket

Reduce the retention period

You can reduce the amount of data being stored by decreasing the retention time. This will delete all the events that are older than the set retention period and will potentially prevent the audit log from reaching the hard capacity limit. Additionally, your audit search performance will increase.

All the events older than the newly set limit will be deleted so if you want to preserve them, back up your database or export your events. You don’t need to do this if you run Data Center as all your events are also logged to a file.

Learn more about setting retention period:

• Auditing in Jira

• Auditing in Confluence

• Auditing in Bitbucket

Back up your database

If you back up your database, you will not lose any events. However, this requires you to have a direct access to the database. If your database capacity is limited and you have some noisy apps producing lots of events, you might need to do this frequently.

You can use the following queries to perform the backup of the audit table:

$ pg_dump -t "public.\"AO_C77861_AUDIT_ENTITY\"" <database_name> > db.sql

Alternatively, you can backup the whole database:

$ pg_dump <database_name> > db.sql

Refer to the PostgreSQL documentation for more details. If you use a different database, your can change the commands to fit your needs. 

Increase the hard capacity limit

By default the limit is set at 10 million events. However, if you can’t immediately perform a database backup, you can temporarily increase the limit, to prevent any records being deleted. You can do this with the plugin.audit.db.limit.rows system property. This will allow you to store more events, but your database and audit search might be slower due to the increased amount of data. Also, increasing the limit might result in performance issues.

Make sure your system can store more data before you change the limit.

• Configuring system properties in Jira

• Configuring system properties in Confluence

• Configuring system properties in Bitbucket