Analysts can use the Timeline Settings option to change the values based on the Spike Y-axis (Count and Size) and view the data presented on the timeline. This allows analysts to detect significant spikes that could indicate anomalies. Using the visual representation, analysts can conduct a more detailed investigation of the events that occurred during that specific period.
For more information on Timeline, see the section Investigate on Timeline in the topic Begin an Investigation in the Events View.
Note: To change the X-axis settings, you must change the Query Time options set within the Events Preferences panel. For more information on Query time, see Configure the Events View.
What do you want to do?
| User Role | I want to ... | Show me how |
|---|---|---|
|
Analysts |
Configure Timeline Settings |
To change the Timeline Settings
-
Log in to the NetWitness Platform.
-
Go to Investigate > Events.
-
Click (
) Timeline Settings.
-
Select the Spike (Y-axis) based on your preference:
-
Event Count: Displays the total number of events that have occurred at a specific time on the timeline.
-
Event Size: Displays the total size of the events recorded by services at a certain time on the timeline.
- Packet Count: Displays the total number of packets captured at a specific time on the timeline.
-
5. Click Apply Changes. The changes are reflected on the Timeline bar.
6. Click X to close the Timeline Settings.
Related Topics
Quick Look - Timeline Settings Panel
This is an example of the Timeline Settings Panel.
The following table describes the fields in the Timeline Settings Panel.
| Feature | Description |
|---|---|
| Event Count | Displays the total number of events that have occurred at a specific time on the timeline. |
| Event Size | Displays the total size of the events recorded by services at a certain time on the timeline. |
| Packet Count | Displays the total number of packets captured at a specific time on the timeline. |
| Apply | Applies the changes and the changes are reflected on the timeline bar. |
| X | Closes the dialog without applying changes |
