Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > How to Use Reports to Search and Analyze Log Data with SolarWinds Log & Event Manager - Video

How to Use Reports to Search and Analyze Log Data with SolarWinds Log & Event Manager - Video

Updated 8-18-2016

Overview

This video will demonstrate how to use LEM's reporting application to generate, schedule and create custom reports.

 

 

Environment

  • Log & Event Manager

Related Resources

Video Transcription

The Reports Console in LEM comes complete with over 300 report templates as well as out of the box packages designated for the regulated industries like PCI, HIPAA, SOX, NCUA, NERC-CIP, DISA-STIG and more. Before we begin make sure you have installed and have access to your reporting application. If you cannot access the application checkout the reports installation video for assistance.

Ok let's get started. I would like to begin by pointing out the features available in the console and where they are located.

  1. Open the reports console you will be taken to the Settings Tab where a complete list of reports are visible.
  2. Click on the large button with graph icon to see options for opening and existing report, exporting, scheduling and printing.
  3. Directly below the report options button there is a Category drop down menu that lists different reporting options such as standard, industry for compliance packages, custom and favorites.
  4. The settings tab lists all of the available reports along with options along right for the different reporting functions.
  5. The View tab is the area where you can view, export and query reports.
  6. To start things off lets run a report. Note the level column in the reports list. LEM breaks down reports into Master, detail, and top levels. Master reports are the largest as they will include every type of log in an event category like authentication or network traffic. Master reports, like this Authentication report seen here will typically contain a graphical summary page and each category listed on the left. Detail level reports like this User logon failure by user report will only display events and event details. Finally, the top level reports give you the ability to see top x events.
  7. After running a report you can investigate further by using the Select Expert utility located in the View tab however before diving into Select Export it is important to note the like the Web console everything in reporting is based on Events and fields. If you look at this Authentication report all of the fields are listed as column labels across the top. You can also mouse over data and it will display the field.
  8. Once you identify the field or fields you wish to query click on Select Expert.
  9. Within Select Expert click new and a list of fields will be displayed. In this case I will select destination account as I want to search for a specific username.
  10. Once I select the field I can then select my comparison value like is equal to, is not equal to, is like etc etc. I am going select is like.
  11. Now that I have selected a value I can click a drop down and let reports show me whats available or I can just type it in and use wild cards as necessary.
  12. Next I will click add to enter the details. If I want to use more fields I just click the new button again to add more fields and expand my query.
  13. Click OK and select expert will attempt to locate the filter out only the information in the query like you see here.
  14. Once the query is complete I can export these results as a separate report by click the export button then selecting a format and location. I can also use this query as a custom report by saving it in the native crystal reports format under the Custom Reports directory where I can then schedule it to run automatically.
  15. The last item on the list to cover is scheduling a report. LEM reports works in conjunction with Windows Scheduled Tasks for scheduled. You can right click directly on a report or click the schedule icon at the top to begin scheduling a report.
  16. I will right click on report and click Schedule to open the scheduler utility.
  17. Next, click on Add to create the scheduled task. Give it a name, click ok and the scheduler tool will appear where you can configure details such how often you want the report to run and when you want the report to start.
  18. Once the task has been configured click on the Load to View and Edit button.
  19. Now select the data source drop down and select your LEM virtual appliance. Then select the date range drop down to select an existing range like the last day, week or month or select user specified to create a custom date range. 
  20. Once that is complete click on the Export check box so you can select a format like word or pdf, give the report a name and location and finally select whether you want to overwrite or increment with a date/time stamp.
  21. Now that everything is configured click Save you have successfully scheduled a report. 

Visit the Success Center for more information on using Log & Event Manager. https://support.solarwinds.com/Succe..._Manager_(LEM)

 

 

Last modified
15:42, 18 Aug 2016

Tags

Classifications

Public