Work with related events

Use the View Related Events portlet to work with related events and related event groups that are derived from your related events configuration.

To access the View Related Events portlet, users must be assigned the ncw_analytics_admin role.

In the Configuration, Group, or Event tables, right-click a group, a configuration, or the All container to display a menu. The menu lists some of the following actions.
  • Watch: For more information about this action, see Watching a correlation rule.
  • Deploy: For more information about this action, see Deploying a correlation rule.
  • Archive: For more information about this action, see Archiving related events.
  • Delete: This action is only available from within the Archived tab. Choose this action to delete event groups from the system.
  • Reset performance statistics: For more information about this action, see Viewing performance statistics for a correlation rule.
  • New: This action is only available from within the Archived tab. If you choose this action, the selected row is reinstated in the New tab.
  • Copy: Choose this action to copy a row, which you can then paste into another document.
Within the View Related Events portlet, in the New, Watched, Active, Expired, or Archived tabs, four tables display information about your related events.
Configuration table
  Displays a list of the related event configurations.
Group Sources table
  Displays the source information for related event groups based on the configuration and created patterns.
Groups table
  Displays the related event groups for a selected configuration.
Events table
  Displays the related events for a selected configuration or a selected group.

A performance improvement implemented in V1.6.7 ensures that the View Related Events portlet displays Events, Groups, and Group Sources more quickly once an item is selected. As part of this update, each tab in the View Related Events portlet now lists all configurations in the panel following the successful run of a configuration. Configurations are displayed in the panel even if there are no events or groups in a particular state for a given configuration. If no data exists for a particular state, the panels display a No items to display message. The configuration is listed in all five tabs: New, Watched, Active, Expired, and Archived.

Right-click on a configuration in the Configuration table to display a list of menu items. You can select the following actions from the menu list.
Right-click on a pattern in the Group Sources table to display a list of menu items. You can select the following actions from the menu list.
  • Edit Pattern: For more information about this action, see Editing an existing pattern.
  • Delete Pattern: For more information about this action, see Deleting an existing pattern.
  • Copy: Choose this action if you want to copy a row, which you can then paste into another document.
Right-click on a group name in the Groups table to display a list of menu items. You can select the following actions from the menu list.
Right-click on an event in the Events table to display a list of menu items. You can select the following actions from the menu list.
Within the View Related Events portlet, you can also complete the following types of tasks.
  • View related events.
  • View related events by group.
  • Sort a related events view.
  • View performance statistics for a deployed correlation rule.
Within the Related Event Details portlet, you can also complete the following types of tasks.
  • Change the pivot event.
  • Work with correlation rules and related events.
  • View events that form a correlation rule.
  • Select a root cause event for a correlation rule.