View Alerts View

In the View Alerts view, you can view all the alerts. Also, you can also customize the view to show alerts for a specific period of time, and set the maximum number of alerts displayed in a single page.

Workflow

What do you want to do?

Role	I want to...	Documentation
Administrator/ Analyst	Configure Reporting Engine	Configure Reporting Engine
Administrator/ Analyst	Configure an alert	Configure an Alert
Administrator/ Analyst	Schedule an alert	Schedule an Alert
Administrator/ Analyst	View an alert*	View an Alert
Administrator/ Analyst	Investigate an alert	Investigate an Alert
Administrator/ Analyst	Manage an alert and alert template	Manage an Alert and Alert Template

*You can complete these tasks here.

Related Topics

Alerting Overview

Quick View

The following figure is an example with the important features labeled.

1	Click Alerts to open the Alert view.
2	Click View Alerts to view the different panels on View Alerts.
3	The View Alerts toolbar allows you to filter alerts based on a count, or the start and end date of the alerts.
4	The View Alerts List lists all the filtered alerts in a tabular format.

The View Alerts view has the following panels:

View Alerts Toolbar
View Alerts List

View Alerts Toolbar

The following table lists the operations in View Alerts toolbar panel.

Option	Description
Last Hour(s) data	The data fetched from the previous execution.
Max No Of Alerts	The maximum number of alerts that you want to fetch from the Reporting Engine service for a specific time-range.

Option

Description

Last Hour(s) data

The data fetched from the previous execution.

Max No Of Alerts

The maximum number of alerts that you want to fetch from the Reporting Engine service for a specific time-range.

View Alerts List

The following table lists the columns in the View Alerts List panel.

Column	Description
	The icon that opens the Investigation module, where the details of the first session that registered the match for the given alert is displayed for immediate analysis. Note: You are not redirected to the Investigation module when: -You reconfigure a data source for an existing alert and run an alert on the new data source. -You enter a host name instead of an IP address in the data source field.
Name	The name of the alert that registered the match. The hyperlink on the name opens the Investigation module to view all matches for that particular alert for the hour surrounding the registered alert.
Number of hits	The number of times the alert is generated.
Detected	The date and time at which the alert generates.
Message	The alert message.

NetWitness Community

Table of Contents

Product Resources

View Alerts View

On this page