How to best query the default audit table dse_audit.audit_log by an event_time range? The docs say it has PRIMARY KEY ((date, "node", day_partition), event_time). Of course,
select XXXXX from dse_audit.audit_log WHERE event_time > minTimeuuid('YYYYY') AND event_time <= maxTimeuuid('ZZZZZ')
will (too) slowly traverse all partitions.
I suppose I can refine and specify a date range and day_partition in the query?
I'm also wondering if I can use tokens? Note that I won't know the structure of the nodes/cluster. I just have permission to query the audit table.
Also, does the date field correspond to the date in event_time? Or is that the date when the record is written to the table? TYIA