The Events page includes a Search text box that helps you quickly locate events that match strings you enter.
Search strings are matched against data in the following fields:
File Hash
Source
Subtype
Platform
IP Address
If data in these fields in the Events database matches the string, an auto-completion menu provides a list from which you can select the item you wanted to see.
When you select an item from the list, the table is filtered in one of two ways:
- If you checked Automatically apply before entering the search screen, clicking on an option in the menu immediately filters the table to show only events matching that string in the appropriate field.
- If you did not check Automatically apply, clicking on an option in the menu opens the Filters panel with a filter configured to show only events matching that string in the appropriate field. You can add other filters before applying the changes to the table view.
Field |
Description |
---|---|
|
Name for this report. If you are creating a new report, enter any text that indicates the purpose of the report in the right text box of Saved Views and then click Add. The report is saved and listed by its new name in the Saved Views menu with the other reports. |
|
Time period of interest. Events in the report are between the time the report is run and a specified period in the past (hours, days, weeks, or months). Your selection takes effect immediately. The Filters panel allows you more options for setting a time window, including Timestamp, for which the start and/or end date does not have to be the current date and time. |
|
Maximum number of events displayed on a single page in the Events table. This is controlled on a per-user basis by the rows per page menu in the bottom right below the table. The default value is 25. If your report includes more items than the rows per page setting, the console creates more pages and a page number panel for navigation. |
|
Data field (column) by which you want to group results for default display and the sort order (ascending or descending). Group by creates expandable lists that initially only show the group name (for example, security policies) and number of items per group, but can be clicked to show the members of the group (for example, computers). Not all column names are available for grouping. The order of the groups in Group by (and Subgroup by) can be specified as one of the following:
|
|
Similar to |
|
Event fields to apply to the report. You can specify any combination of filters to determine which events are included. Although most filters are for data that is clearly associated with the file or computer in the event, the following are special cases:
Severity status for each log message is shown in the Severity column.
Note: In previous releases, the column and filter now labeled
Severity was called
Priority.
|
|
Information to be included as columns in the Events table. Use arrows to specify which columns are displayed and in what order: Items in the Selected list are displayed in the table. Items in the Available list are not displayed in the table. |