View Historical Graph of Events Collected for an Event Source

Note: For NetWitness 11.4.1, this view has been deprecated. To manage Event Sources, use the netwitness_adminicon_25x22.png (Admin) > Event Sources view. For details, see "About Event Source Management" in theNetWitness Event Source Management Guide.

The historical graph of the events collected from an event source gives you information about the variation of the collection over a selected time frame.

To view a historical graph:

  1. Go to ADMIN > Health & Wellness.
    The Health & Wellness view is displayed with the Alarms tab open.
  2. Click Event Source Monitoring.
    The Event Source Monitoring view is displayed.
  3. In the Historical Graph column, select netwitness_histgraph.png.
    The Historical graph for the selected event source is displayed.
    The figure below gives an example of the historical graph for the event source type winevent_snare.
    netwitness_histgraphwinev_750x425.png
    The graphical view is customized to display the events collected for the current day and the values are zoomed in for an interval of an hour (09.05 - 105.05 hrs). Hover over the graph to view the details at a particular instant. For example, in the figure it displays the average rate of collection at 09.30 hrs.

Note: You can customize the graph view by selecting the Time Frame and Date range. You can zoom in using the zoom in value, time window, or by just a click and a drag in the plot area. For details on the parameters to customize and zoom in functions see Health and Wellness Historical Graphs collected from an event source.
If there is no data displayed on the chart, this may be due to one of the following reasons:
- The event source is down.
- The event source is not processing anything right now.