Some event fields are missing from a specific Event Group when using them for nDepth or Rules correlations

Updated November 9, 2017

Overview

When you add a condition to an nDepth query or rule correlation by using an Event Group, some event fields may not be present in the Fields list. For example, the Fields list for the File Audit Alerts group does not include a FileName field.

Environment

  • LEM, all versions

Cause 

There are one or more events in that particular Event Group that do not contain the specific field you are seeking.

Resolution

The fields displayed for any Event Group are only those fields that are common to every event type included in that Event Group. In the File Audit Alerts example, the group includes many "File" event types but also several registry-related event types, which do not contain the field names you want to use.

 

The solution is to edit the Event Group to remove any unwanted event types that don't have the fields you want to use, or to create a new Event Group that contains only the specific event types you need. You can edit or create Event Groups under Build > Groups. For details, see Configure event groups in LEM.
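The common-fields rule described above can be modeled as a set intersection, which also shows which event types have to leave the group before a field becomes selectable. This is an added example, not SolarWinds code; the event type names and every field name other than FileName are constructed placeholders, not LEM's actual schema.

```python
# Constructed sample data: the event type names and field names below are
# illustrative placeholders. Only "FileName" is taken from the article.
FILE_AUDIT_GROUP = {
    "FileCreateExample": {"EventInfo", "DetectionTime", "SourceAccount", "FileName"},
    "FileDeleteExample": {"EventInfo", "DetectionTime", "SourceAccount", "FileName"},
    "RegistryKeyWriteExample": {"EventInfo", "DetectionTime", "SourceAccount"},
}


def common_fields(group):
    """Fields present in every event type of the group.

    This mirrors the rule in the article: the Fields list for an Event
    Group only offers fields shared by all of its event types.
    """
    if not group:
        return set()
    return set.intersection(*group.values())


def blocking_event_types(group, wanted):
    """Map each event type that lacks a wanted field to the fields it lacks."""
    wanted = set(wanted)
    return {
        name: sorted(wanted - fields)
        for name, fields in group.items()
        if wanted - fields
    }


def narrowed_group(group, wanted):
    """Copy of the group without the event types that hide the wanted fields."""
    blockers = blocking_event_types(group, wanted)
    return {name: fields for name, fields in group.items() if name not in blockers}


if __name__ == "__main__":
    print("Selectable now:", sorted(common_fields(FILE_AUDIT_GROUP)))
    print("Remove to expose FileName:",
          blocking_event_types(FILE_AUDIT_GROUP, ["FileName"]))
    new_group = narrowed_group(FILE_AUDIT_GROUP, ["FileName"])
    print("Selectable after edit:", sorted(common_fields(new_group)))
```

Events from the removed types no longer match conditions built on the narrowed group, so a rule that still needs the registry events requires a separate group or condition for them.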

 

 

 

 
