Skip Ribbon Commands
Skip to main content

Recovering Workflow History after 60 days

Or finding where it's been hidden...

Andrew Walman

10/10/2011

Workflow history is one of two things to SharePoint users. I suspect for the majority, they aren't even aware of it, and don't have any need for it. For a small minority, they are fully aware of it for one important reason – compliance. Workflows are nearly always used as part of a larger business process, and often these business processes require auditing to ensure compliance with whatever industry standard the business operates with. When SharePoint workflows are used, workflow history is usually seized upon by users as being an easy way to audit compliance. After all, it's easy to get at isn't it?

Certainly while the workflow is in progress, and for a couple of months afterwards it is. But what happens when the end of year audit arrives, and the auditor goes to look at the history for a workflow completed 11 months ago? Disaster – it's not there! There must have been many a frantic phone call between panicking compliance officers and frustrated IT staff along the lines of this:

  • [Compliance officer] "My workflow history has been deleted! The auditor is going to fail us! Where has it gone?"
  • [IT support] (probably after Googling "Workflow history deleted") "This is by design. SharePoint deletes workflow history after 60 days"
  • [Compliance officer] "WHAT?! Nobody told me that! Can you recover it?"
  • [IT support] "We can, we'll just need turn off the timer job and then restore the entire SharePoint farm for each month in question."
  • [Compliance officer] "How long will that take?"
  • [IT support] "Hmmm…."

Both parties are at fault here. The compliance officer for writing a feature of SharePoint into the compliance process without knowing how it worked, and IT for not explaining the 60 day "deletion" actually happens. The good news is though, workflow history isn't deleted, all we need to do is make it easier to find.

So Where Is Workflow History after 60 days?

Put simply, it's in the same place as it's always been. There's a hidden list in every SharePoint site with the workflow feature activated called "workflow history" and it's under lists, so pointing your browser at http://[sitename]/[subweb]/lists/workflow%20history/ will show you this list. It's not pretty, and certainly not usable by an end user in its default view, but it is the same content that was available from the item that the original workflow ran on. All that happens after a workflow has been closed for 60 days is that the relationship links between the item (list item or document) and the workflow history are removed from the database by a timer job. The reason this is done is that a workflow can consist of many individual steps, each of which gets recorded in the history list. Maintaining those links in the database for every workflow that ever runs in a site slows performance down. So Microsoft implemented a clean-up job to remove the links, making it appear from the item that the workflow history is gone. It's possible to disable the timer job, but this has to be done at the application level, will kill performance in the long term, and doesn't help you get back the "missing" workflow history.

Making Workflow History Usable Again

Knowing that all Workflow History is available in a list, all we need to do is link it back to the original item using a calculated column and a view. The basic steps are:

  • Create a view of the workflow history list that uses the filtered ID to present the history of a particular workflow in a recognisable format.
  • Create a new calculated column in the list or library that is associated with the workflow.
  • Write a formula in the calculated column that inserts the item/document ID into a link that can be passed to a view of the workflow history list.

Once we've completed these steps, any user who can open the item will be able to see the new link to the workflow history and view that. Now for the nitty gritty:

Create views of the Workflow History List

  1. Open the workflow history list at http://appname/subweb/workflow%20history/
  2. Create a new shared view; you'll need one for each list that has a workflow associated with it – if there's only one, call the new view "audit view", otherwise "workflow name – audit view" or something similar.
  3. You'll need to identify the List or Library ID (GUID) – You can use the full history list for this.
  4. As a minimum, add the following columns to the view:

    Date Occurred

    User ID

    Event Type

    Outcome

    Description

  5. Sort the view by "Date Occurred"
  6. Filter the view by "List ID" (List ID is equal to GUID – include the braces)
  7. Group by "Primary Item ID", then by "Workflow History Parent Instance"
  8. Save the view, try it out – add any other customisations your audit process may need.

At this point the view will return all history for a particular list, in the next steps we'll create a link that opens and filters workflow history for a particular item.

Create the calculated column for a list/library

  1. Within the list that is associated with the workflow, add a new calculated column. Do this for each list from which you need to see the workflow history.
  2. Enter the following formula, replacing appname and subweb with the address of your site, and viewname with the view you just created:
    ​​ =CONCATENATE("http://appname/subweb/Lists/Workflow%20History/viewname.aspx?&FilterField1=Item&FilterValue1=",ID)
    ​​​
  3. Add this column to the default view, or create an "auditor's view" of the list, containing this column and any other pertinent information.
  4. Now users can click on the link created dynamically by this column to return a filtered view of the workflow history, containing audit information on each step in every workflow that ran for this list item.

​Edit:​​​ Further to the comments below, to make the link clickable, you'll need to edit the formula as follows, using single quotes in the HTML, and ensure the output is set to number​, not text. e.g:
​​ =CONCATENATE("<a href='http://appname/subweb/Lists/Workflow%20History/viewname.aspx?&FilterField1=Item&FilterValue1=",ID,"'>Link To Document</a>")​

Make the workflow history easier to read

Out of the box, the workflow history contains a lot of GUIDs instead of real names (I suppose this is where deleting all those links made sense to Microsoft). To make it more human legible, you can add further calculated columns to the workflow history list to turn some of those column values back into real names. A good example is the workflow name, which is represented by "workflow association ID"

  1. Add a new calculated column called "Workflow name" to the workflow history list.
  2. Use the following formula:
    =IF([Workflow Association ID]="{GUID of particular workflow}", "Name of particular workflow",IF([Workflow Association ID]="{GUID of another particular workflow}", "Name of another particular workflow"))
    ​​
  3. Now save and add this column to your workflow audit views.

That's all. It's clearly not as straightforward as being able to use the OOTB workflow history from the item, but if it means you can still access the same information anytime without harming the performance of the database, it's definitely worth doing! If you know you're going to need workflow history for multiple sites, it's probably worth adding the views at least to the site template before the sites are created, and you could even add the columns to the default libraries with some placeholder values to aid deployment.


 About us

Fuse Collaboration Services is a Cloud Solution Provider and Microsoft Gold Partner specialising in delivering SharePoint, Skype for Business, and Azure cloud-based solutions. Based in Northampton, UK.

Microsoft Gold Partner Logo showing 5 competencies

Read more

 Latest Tweets

 Latest Blog

 

 

Have you forgotten about the WannaCry Cyber Attacks already?373<p style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">The NHS cyber attacks were less than two weeks ago yet it feels like it’s been far longer. So much has happened since and if updating your IT infrastructure was on your agenda but has now been put to one side due to other tasks taking priority read on…..</font></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Nobody in the IT world wants to say “I told you so” following &#160;the recent events but the NHS cyber attack should&#160;have made Managing Directors globally, &#160;sit up and listen to their IT advisors. Everyone knows that technology evolves at an alarming pace and our generation has seen the fastest change in this… at least until we land on Mars. </font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">This means instead of ignoring the IT gurus, we should be taking on board their advice and expertise, particularly around cybersecurity; trust us, it’ll save you money in the long run. Why are we not listening to the experts who thankfully know everything about ransomware, patch management, nibbles, craplets and&#160;DOS attacks? (High five if you know any of that!)</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Put it this way&#58; If a doctor told you that you had a hole in your heart requiring immediate surgery, otherwise it’s game over, you would agree to it being patched up immediately, right? The health of your business is just as critical. The body of your business is reliant on your IT infrastructure for keeping your business profitable whilst also allowing the lunchtime google sessions! Your out of date software, your lack of adequate back up and your ancient operating system are causing holes that are potentially lethal for your business. </font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Hackers are more advanced now than ever before , potentially sitting In your system undetected for, on average, over two hundred&#160;days. You need to be ready with the most up-to-date defences you can. The most frustrating part of what has recently happened is that there will be companies out there who will listen to the news, read it in the papers and yet still take the risk, genuinely believing that it will happen to them. If it hasn’t already been drilled in, take a look at a breakdown of last years’ statistics&#58;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><a href="http&#58;//www.hackmageddon.com/category/security/cyber-attacks-statistics/"><span style="text-decoration&#58;underline;"><font color="#0563c1" face="Calibri" size="3">http&#58;//www.hackmageddon.com/category/security/cyber-attacks-statistics/</font></span></a></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Still don’t think you’re at risk?</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;​</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font face="Calibri"><font size="3"><font color="#000000">If the cost implication of a hack doesn’t shock you in to action (and after reading these five case studies from top corporate losses I think it will - </font><a href="https&#58;//hotforsecurity.bitdefender.com/blog/top-5-corporate-losses-due-to-hacking-1820.html"><span style="text-decoration&#58;underline;"><font color="#0563c1">https&#58;//hotforsecurity.bitdefender.com/blog/top-5-corporate-losses-due-to-hacking-1820.html</font></span></a></font></font><font face="Calibri"><font color="#000000" size="3">), then what about the other crippling effects of a hacking that, ultimately, could have been prevented?</font></font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Your reputation would take a hit, especially if thousands of customer’s valuable data including their full names, logins, passwords, e-mails, home addresses, purchase history, and credit card numbers are stolen. It’s a company’s responsibility and legal requirement to keep this information safe. Your customers may jump ship to another competitor, meaning a further hit on your profitability. </font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">In 2016, two thirds of large UK businesses were hit by a cyber breach or attack. Could this number have been reduced? We know it can.</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Fuse Collaboration are experts in the following&#58;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><ul style="margin-top&#58;0in;"><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Cyber Security</span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Patch management</span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Back up</span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Sharepoint</span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Azure</span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Office 365</span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">System Center </span></li><li style="margin&#58;0px 0px 0px 3px;color&#58;#000000;font-family&#58;&quot;calibri&quot;,sans-serif;font-size&#58;11pt;font-style&#58;normal;font-weight&#58;normal;"><span lang="EN-GB" style="margin&#58;0px;">Dynamics CRM</span></li></ul><p style="margin&#58;0px 0px 0px 51px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;"><font color="#000000" face="Calibri" size="3">Our services include a bespoke combination of business consulting, </font></span><span lang="EN-GB" style="margin&#58;0px;color&#58;#302e2f;font-family&#58;&quot;segoe ui&quot;,sans-serif;font-size&#58;10.5pt;">infrastructure design, SharePoint development and managed services and as a </span><span lang="EN-GB" style="margin&#58;0px;font-family&#58;&quot;segoe ui&quot;,sans-serif;font-size&#58;10.5pt;"><font color="#000000">certified </font><span style="margin&#58;0px;color&#58;#302e2f;">Microsoft Gold Partner you have that added reassurance that your business is in the right hands</span><font color="#000000">. </font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;font-family&#58;&quot;segoe ui&quot;,sans-serif;font-size&#58;10.5pt;"><font color="#000000">&#160;</font></span></p><p style="margin&#58;0px;"><span lang="EN-GB" style="margin&#58;0px;font-family&#58;&quot;segoe ui&quot;,sans-serif;font-size&#58;10.5pt;"><font color="#000000">Any upgrades to your infrastructure can be phased in over a time suitable to your users, business demands and your budget. Our team are experts in delivering what you want - call us on 01604 797979</font><span style="margin&#58;0px;"></span></span></p><p>​​</p>l.ozier@fusecollaboration.com | Louise Ozier | 693A30232E777C6675736563735C6C2E6F7A696572 i:0#.w|fusecs\l.ozier24/05/2017 23:00:002017-05-24T23:00:00Z25/05/2017 14:27:14http://www.fusecollaboration.com/ourblog/Pages/Forms/AllItems.aspxhtmlFalseaspx

 Contact us

Our address
12-14 Brookfield, Duncan Close
Moulton Park, Northampton
NN3 6WL
P: +44(0)1604 797979
Contact Us