Work with related events
Use the View Related Events portlet to work with related events and related event groups that are derived from your related events configuration.
To access the View Related Events portlet,
users must be assigned the ncw_analytics_admin
role.
All
container and a menu is displayed. The menu lists some of the following
actions for you to select.- Watch For more information about this action, see Watching a correlation rule.
- Deploy For more information about this action, see Deploying a correlation rule.
- Archive For more information about this action, see Archiving related events.
- Delete This action is only available from within the Archived tab. If you want to delete event groups from the system, choose this action.
- Reset performance statistics For more information about this action, see Viewing performance statistics for a correlation rule.
- New This action is only available from within the Archived tab. If you choose this action, your selected row reinstates into the New tab.
- Copy Choose this action if you want to copy a row, which you can then paste into another document.
- Configuration table
- Displays a list of the related event configurations.
- Group Sources table
- Displays the source information for related event groups based on the configuration and created patterns.
- Groups table
- Displays the related event groups for a selected configuration.
- Events table
- Displays the related events for a selected configuration or a selected group.
A performance improvement implemented in V1.6.7 ensures that the View Related Events portlet displays Events, Groups, and Groups Sources more quickly once an item is selected. As part of this update, each tab in the View Related Events portlet now lists all configurations in the panel following the successful run of a configuration. Configurations are displayed in the panel even if there are no events or groups in a particular state for a given configuration. If no data exists for a particular state, the panels will display a No items to display message. The configuration will be listed in all five tabs, New, Watched, Active, Expired, and Archived.
- Edit Pattern For more information about this action, see Editing an existing pattern.
- Delete Pattern For more information about this action, see Deleting an existing pattern.
- Copy Choose this action if you want to copy a row, which you can then paste into another document.
- Create Pattern For more information about this action, see Managing event patterns.
- Unmark as reviewed For more information about this action, see Marking a related events group as reviewed.
- Mark as reviewed For more information about this action, see Marking a related events group as reviewed.
- Watch For more information about this action, see Watching a correlation rule.
- Deploy For more information about this action, see Deploying a correlation rule.
- Archive For more information about this action, see Archiving related events.
- Delete This action is only available from within the Archived tab. If you want to delete event groups from the system, choose this action.
- Reset performance statistics For more information about this action, see Viewing performance statistics for a correlation rule.
- New This action is only available from within the Archived tab. If you choose this action, your selected row reinstates into the New tab.
- Copy Choose this action if you want to copy a row, which you can then paste into another document.
- Show details For more information about this action, see Viewing related events details for a seasonal event.
- Copy Choose this action if you want to copy a row, which you can then paste into another document.
- View related events.
- View related events by group.
- Sort a related events view.
- View performance statistics for a deployed correlation rule.
- Change the pivot event.
- Work with correlation rules and related events.
- View events that form a correlation rule.
- Select a root cause event for a correlation rule