Manage Tab

The Manage tab organizes event sources into groups, and displays attributes for each event source.

To access this tab, go to Admin > Event Sources > Manage.

Workflow

This workflow shows the overall process for configuring event sources.

[Figure: workflow for configuring event sources]

What do you want to do?

| Role | I want to... | Documentation |
|---|---|---|
| Administrator | *View and modify event sources. | Managing Event Source Groups |
| Administrator | Acknowledge and map event sources. | Acknowledging and Mapping Event Sources |
| Administrator | Add and configure parser mappings for a Log Decoder. | Manage Parser Mappings |
| Administrator | View event source alarms. | Viewing Event Source Alarms |
| Administrator | Troubleshoot event source management. | ESM Troubleshooting & Appendix |

*You can perform this task here.

Related Topics

Creating Event Source Groups

Creating an Event Source and Editing Attributes

Quick Look

The Manage tab organizes event sources into groups, and displays attributes for each event source. The Manage tab consists of two panels, Groups and Event Sources.

Filter Panel

The Filter Panel provides options for filtering the set of event sources shown in the grid view. This is an example of the Filter Panel:

[Figure: Filter Panel]

This panel provides the following options:

  • You can filter on the event source name, using Contains, Exact, Starts With, or Ends With. Select one of these choices, then enter the corresponding string to match against.
  • Select one or more Event Source Types to filter based on this value.
  • To view event sources that send data to a particular Log Collector, select a Log Collector from the drop-down list.
  • To view event sources that send data to a particular Log Decoder, select a Log Decoder from the drop-down list.
  • Select the time frame for when the events were collected. You can choose a value from 5 minutes to the previous 90 days, or all data that has been collected.
  • Use the Received and Not Received radio buttons to limit the query results to event sources from which logs have been received within the selected time, or to event sources from which logs have not been received within the selected time.

After you complete the set of filters, click Apply to view the query results in the Event Sources grid.

Groups Panel

The Groups Panel lists the event source groups, as well as a count of the members for each group. To see all event sources, select All from the groups list. This is an example of the Groups panel.

[Figure: Groups panel]

1 Displays the standard NetWitness icons for adding, removing, or editing groups.

2 Lists the identifier for each group in the Name column. You can use the group names to quickly identify some of the criteria used to form the group.

For example, if you create a group that consists of Windows event sources for the Sales organization, you could name the group Windows Sales Sources.

Note: The event source group name is not editable. After you create a group, that name exists as long as the group itself.

3 The count for an event source group indicates the number of event sources in that group. That is, the number of event sources that match the criteria used to define the group.

Note: The count is not dynamically updated when new event sources are added. Thus, you may need to refresh to see an updated group count.

Event Sources Panel

The Event Sources panel displays the attributes for the event sources in the selected group. If All is selected in the Groups panel, the Event Sources panel lists all event sources.

[Figure: Event Sources panel]

1 The toolbar contains the following tools:

  • Add: manually add an event source
  • Remove: remove an event source
  • Edit: Update attributes for an existing event source
  • Import / Export menu: Displays a menu with the following options:
    • Import: Import event sources from a Content Management Database (CMDB), spreadsheet, or other tool.
    • Export: Export selected event sources and their attributes in CSV format.
    • Export Group: Export the entire group that is currently selected.

2 Columnar display of attributes. You can choose which attributes to display.

3 Checkboxes: Select rows to use when performing tasks on multiple event sources, such as bulk editing.

4 Navigation Tools:

At the bottom of the screen, there are items that help in navigating your group:

  • Page x of y: indicates which page you are currently displaying, and how many total pages exist for this group.
  • <<, <, > and >>: click these icons to move between pages either one at a time (< and >) or to the first (<<) or last (>>) page.
  • Page Size: use this selector to choose your page size.
  • Displaying x - y of z: quick check of which event sources are currently displayed out of the total number for the group.

Sorting

In the Event Sources panel, the list of items is presented in a sorted order. You can choose the column on which to sort. Note, however, that the sort order depends on capitalization.

For any string column, if the values contain a mix of lowercase and uppercase, the uppercase values appear in the list before the lowercase values.

For example, assume the Event Source Type column contains the following entries: Netflow, APACHE, netwitnessspectrum, ciscoasa. The sort order would be as follows:

  • APACHE
  • Netflow
  • ciscoasa
  • netwitnessspectrum