Interpreting Journal Data
The IBM i journaling feature provides a great built-in data audit benefit, but it is not easy to interpret the data! For example, the ENTRY_DATA value for selected entry might look like this:
Learning to decode journal entries can be time consuming and challenging.
Other, more helpful, data points can help you figure out what is going on:
The IBM DISPLAY_JOURNAL documentation does a good job of explaining the codes and other details.
When it's time to search for a specific activity in this journal history, the DSPJRN command leaves a lot to be desired. To give you a better way to look at before/after data changes, you can transfer the DSPJRN information into a database file and then use your favorite database tool to create more usable information.
To create the database for your query tool, run the following form of the DSPJRN command:
DSPJRN JRN(MYLIB/CUSTMSTR) OUTPUT(*OUTFILE) +
In this sample, the database version of the Journal now resides in the database file named CUSTMSTRJ. Use your query tool to select records with type codes UB and UP (the field name to select on is JOENTT). If your database file record length is exceptionally long, you may have to parse the record data information to get at what you are looking for, but the report generated should point you to all of the record changes posted to the file and you should be able to sort out who did what and when they did it.
Using DISPLAY_JOURNAL in IBM i SQL Services
The DISPLAY_TABLE function in QSYS2 can filter and return journal entries. See the IBM documentation link at the top of the page. It includes sample queries for searching journal entries. Here is a basic query:
SELECT * FROM TABLE (QSYS2.DISPLAY_JOURNAL('*library*', '*journal*')) AS JT;
As you can see, the results are still need to interpreted for human understanding.
Start building a WHERE clause to look for specific entries. In this case, all journal entries for a specific user:
SELECT * FROM TABLE (QSYS2.DISPLAY_JOURNAL('*library*', '*journal*')) AS JT WHERE "CURRENT_USER" = '*username*';
BROWSE KISCO U