search cancel

DLP Investigations User reports always report 'No Data'


Article ID: 170551


Updated On:


IT Analytics


When attempting to view either DLP Investigations - User Incident Details or DLP Investigations - User Incident Search reports the results of the report is always 'No Data'


IT Analytics for DLP 

Data Loss Prevention 14.5


The four parameters 'Email Address' , 'Machine Name', 'IP Address', & 'Username' are defined to be exact string matches. This causes the report to look for results where these four parameters have a blank value.


Updated the query statements that pull these four parameters values to return all results if the parameter field is empty. 

  1. Open Reporting Service Management Console with admin account http://servername/Reports
  2. Click on the IT Analytics Folder.
  3. Click on the Symantec Data Loss Prevention Folder.
  4. Hover over report 'DLP Investigations - User Incident Details' and click on the Down arrow that appears.
  5. Click on the option 'Edit in Report Builder'.
  6. Expand the Data Sources folder.
  7. Right click on ITAnalyticsEmbedded and choose 'Data Source Properties'.
  8. Select the option 'Use a shared connection or report method'.
  9. Select the ITAnalytics data source from the list of available data sources and click OK.
  10. Expand the Datasets folder.
  11. Right click on dUserIncidents and choose 'Query...'.
  12. Choose 'Use the current Windows user' and click OK if you are prompted with a 'Enter Data Source Credentials' pop up box.
  13. Replace the current query with the query from the attached text document 'DLP Investigations - User Incident Details dUserIncident' and click OK.
  14. Click the 'Save' icon at the top left hand corner of the screen to save the report.
  15. Repeat the same steps for the report DLP Investigations - User Incident Search, but replace the query with the query from DLP Investigations - User Incident Search dUserIncidents.



DLP Investigations - User Incident Search dUserIncidents.sql get_app
DLP Investigations - User Incident Details dUserIncident.sql get_app