
Some event fields are missing from a specific Event Group when using them for nDepth or Rules correlations

Updated November 9, 2017

Overview

When you add a condition to an nDepth query or rule correlation by using an Event Group, some event fields may not be present in the Fields list. For example, the fields available for the File Audit Alerts group do not include a FileName field.

Environment

  • LEM, all versions

Cause 

There are one or more events in that particular Event Group that do not contain the specific field you are seeking.

Resolution

The fields displayed for any Event Group are only the fields common to every event type included in that Event Group. In the File Audit Alerts example, the group includes many "File" event types but also several registry-related event types that do not contain the field names you want to use.

 

The solution is to edit the Event Group to remove the event types that don't have the fields you want to use, or to create a new Event Group using only the specific event types you need. You can edit or create Event Groups under Build > Groups. For more details, see Configure event groups in LEM.
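The behaviour described above, modelled as an added example (not SolarWinds code): the selectable fields of a group are the intersection of its members' fields, so the event types to remove are the ones missing the field you need. The event type names and field lists below are constructed placeholders, not an export of LEM's actual schema.

```python
# Constructed schema: event type -> fields it carries. Type and field names
# are illustrative placeholders, not LEM's real definitions.
EVENT_FIELDS = {
    "FileCreate": {"DetectionTime", "DetectionIP", "SourceAccount", "FileName"},
    "FileDelete": {"DetectionTime", "DetectionIP", "SourceAccount", "FileName"},
    "FileRead": {"DetectionTime", "DetectionIP", "SourceAccount", "FileName"},
    "RegistryKeyChange": {"DetectionTime", "DetectionIP", "SourceAccount", "KeyName"},
    "RegistryValueChange": {"DetectionTime", "DetectionIP", "KeyName", "ValueName"},
}


def group_fields(event_types, schema=EVENT_FIELDS):
    """Fields selectable for a group: those present in every member type."""
    members = [schema[t] for t in event_types]
    return set.intersection(*members) if members else set()


def blocking_types(event_types, wanted, schema=EVENT_FIELDS):
    """Member types that lack a wanted field, mapped to the fields they lack."""
    wanted = set(wanted)
    return {t: wanted - schema[t] for t in event_types if wanted - schema[t]}


def trimmed_group(event_types, wanted, schema=EVENT_FIELDS):
    """Members to keep so every wanted field becomes selectable.

    Returns an empty list when no member carries all wanted fields.
    """
    blockers = blocking_types(event_types, wanted, schema)
    return [t for t in event_types if t not in blockers]


if __name__ == "__main__":
    group = list(EVENT_FIELDS)  # stands in for a mixed file/registry group
    print("selectable now:", sorted(group_fields(group)))
    for etype, missing in blocking_types(group, ["FileName"]).items():
        print(f"remove {etype}: lacks {sorted(missing)}")
    keep = trimmed_group(group, ["FileName"])
    print("selectable after trimming:", sorted(group_fields(keep)))
```

Rules or nDepth conditions built on the trimmed group no longer match the removed event types, so cover those with a separate group if you still need them.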

 

 

 

 
