The Manage tab organizes event sources into groups, and displays attributes for each event source.
This workflow shows the overall process for configuring event sources.
|Role||I want to...||Documentation|
*View and modify event sources.
Acknowledge and map event sources.
Add and configure parser mappings for a Log Decoder
View event source alarms.
Troubleshoot event source management.
*You can perform this task here.
The Manage tab organizes event sources into groups, and displays attributes for each event source. The Manage tab consists of two panels, Groups and Event Sources.
The Filter Panel provides options for filtering the set of event sources shown in the grid view. This is an example of the Filter Panel:
This panel provides the following options:
- You can filter on the event source name, using Contains, Exact, Starts With, or Ends With. Select one of these choices, then enter the corresponding string to match against.
- Select one or more Event Source Types to filter based on this value.
- To view event sources that send data to a particular Log Collector, select a Log Collector from the drop-down list.
- To view event sources that send data a particular Log Decoder, select a Log Decoder from the drop-down list.
- Select the time frame for when the events were collected. You can choose a value from 5 minutes to the previous 90 days, or all data that has been collected.
- Use the Received and Not Received radio buttons to filter the query results to contain only event sources that logs have been received from within the selected time, or query results to contain only event sources that logs have not been received from within the selected time.
After you complete the set of filters, click Apply to view the query results in the Event Sources grid.
The Groups Panel lists the event source groups, as well as a count of the members for each group. To see all event sources, select All from the groups list. This is an example of the Groups panel.
Displays the standard NetWitness Platform icons for adding, removing, or editing groups.
Lists the identifier for each group in the Name column. You can use the group names to quickly identify some of the criteria used to form the group.
For example, if you create a group that consists of Windows event sources for the Sales organization, you could name the group Windows Sales Sources.
The count for an event source group indicates the number of event sources in that group. That is, the number of event sources that match the criteria used to define the group.
Event Sources Panel
The Event Sources panel displays the attributes for the event sources in the selected group. Or, if All is selected in the Groups panel, the Event Sources panel lists all event sources.
The toolbar contains the following tools:
|2||Columnar display of attributes. You can choose which attributes to display.|| |
|3||Checkboxes: Select rows to use when performing tasks on multiple event sources, such as bulk editing.|| |
|4||Navigation Tools: |
At the bottom of the screen, there are items that help in navigating your group:
In the Event Sources panel, the list of items is presented in a sorted order. You can choose which column on which to sort. Note, however, that the sort order depends on capitalization.
For any string column, if the values contains a mix of lower case and upper case, the upper case appear in the list before the lower case values.
For example, assume the Event Source Type column contains the following entries: Netflow, APACHE, netwitnessspectrum, ciscoasa. The sort order would be as follows: