Sure, this is what my view definition file looks like ...
[code]
<?php
$query_array=array("headline"=>__("Audit Log for Schedule ID " . $_GET['schedule_id']) . " and timestamp " . $_GET['timestamp'],
"sql"=>"SELECT * FROM audit_log
WHERE audit_log_schedule_id = '" . $_GET['schedule_id'] . "' AND
audit_log_timestamp = '" . $_GET['timestamp' ] . "'",
"sort"=>"audit_log_id",
"dir"=>"ASC",
"get"=>array("file"=>"search.php",
"title"=>__("Audit Log For Schedule on Timestamp"),
"var"=>array( "search"=>"%audit_log_host" ),
),
"fields"=>array("10"=>array("name"=>"audit_log_message",
"head"=>__("Log Message"),
"show"=>"y",
),
"20"=>array("name"=>"audit_log_host",
"head"=>__("Hostname"),
"show"=>"y",
"link"=>"y",
),
"30"=>array("name"=>"audit_log_pid",
"head"=>__("PID"),
"show"=>"y",
),
),
);
?>
[/code]
This view definition is how I view the log for my audits that I run from a Perl script managed via the web interface that I mentioned in this thread ...
viewtopic.php?f=9&t=3246I use one view definition to sort my audit logs by schedule name, then another to narrow those down by the timestamp that the audit was run. Then I use this query to actually display the audit log. The reason I use the search file and pass it the system name via GET is because it's not guaranteed that just because it tried to audit it that it would actually be in the system, since it also records failed authentication attempts and failure to connect/ping. I suspect there are other practical uses for setting up the view definition that way, this was just the first time it seemed like a good solution.