Example: Tracking a user that caused events to be routed to storage

Use the Operations app to view details about a change that a user made to the system that caused events to be routed to storage.

Procedure

  1. Click the navigation menu icon, and then select Users from the list.
  2. From the Users pane, select michaelJ to open a timeline so that you can view the activities.
  3. From the timeline, select a day. The timeline is collapsed and displays the total count of events per day.
  4. Select an event to view more information about that event in the details panel on the right.

    In the following example, you can see that michaelJ created a rule that has an expensive payload regular expression match.

    Figure 1. Event details
  5. Click the navigation menu icon, and then select System Overview from the list.
  6. Click the system notification name in the graph to see more details about the notification.

    Because of the rule that michaelJ created, the system notification "Events(s) were routed directly to storage" is displayed in the graph on the System Overview page.

    Figure 2. System Notification details
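The same correlation, done offline over exported records, as an added example that is not part of the product or its documentation: it counts a user's events per day (the collapsed timeline in step 3) and lists the rule changes made shortly before a routed-to-storage notification (steps 4 to 6). The record fields, action labels, timestamps, the second notification and the one-hour window are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records. Field names are assumptions, not an Operations app export format.
USER_EVENTS = [
    {"time": "2024-03-04T09:12:00", "user": "michaelJ", "action": "rule_created",
     "detail": "payload regular expression match"},
    {"time": "2024-03-04T09:40:00", "user": "annaK", "action": "login", "detail": ""},
    {"time": "2024-03-02T16:05:00", "user": "michaelJ", "action": "rule_created",
     "detail": "source IP match"},
]
NOTIFICATIONS = [
    {"time": "2024-03-04T09:31:00", "name": "Events(s) were routed directly to storage"},
    {"time": "2024-03-04T11:00:00", "name": "Disk usage warning"},
]
CHANGE_ACTIONS = {"rule_created", "rule_modified"}  # assumed action labels


def _ts(value):
    return datetime.fromisoformat(value)


def events_per_day(events, user):
    """Collapsed timeline view: total event count per day for one user."""
    return dict(Counter(_ts(e["time"]).date().isoformat()
                        for e in events if e["user"] == user))


def changes_before(notification, events, window):
    """Configuration changes made within `window` before the notification, newest first."""
    end = _ts(notification["time"])
    hits = [e for e in events
            if e["action"] in CHANGE_ACTIONS and end - window <= _ts(e["time"]) <= end]
    return sorted(hits, key=lambda e: _ts(e["time"]), reverse=True)


def suspects(notifications, events, name_contains="routed directly to storage",
             window=timedelta(hours=1)):
    """Map each matching notification time to the (user, detail) changes that preceded it."""
    return {n["time"]: [(e["user"], e["detail"]) for e in changes_before(n, events, window)]
            for n in notifications if name_contains in n["name"]}


if __name__ == "__main__":
    print(events_per_day(USER_EVENTS, "michaelJ"))
    print(suspects(NOTIFICATIONS, USER_EVENTS))
```

A notification that matches but has no change in the window maps to an empty list, which is the cue to widen the window or look beyond rule changes.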