Some event fields are missing from a specific Event Group when using them for nDepth or Rules correlations

Updated November 9, 2017

Overview

When you add a condition to an nDepth query or rule correlation by using an Event Group, some event fields may not be present in the Fields list. For example, the fields available for the File Audit Alerts group do not include a FileName field.

Environment

  • LEM, all versions

Cause 

There are one or more events in that particular Event Group that do not contain the specific field you are seeking.

Resolution

The fields displayed for any Event Group are only the fields that are common to every event type included in that Event Group. In our File Audit Alerts example, the group includes many "File" event types but also several registry-related event types that do not contain the field names you want to use.

The solution is to edit the Event Group to remove any unwanted event types that don't have the fields you want to use, or create a new Event Group using only the specific event types you need. You can edit or create new Event Groups under Build > Groups. More details on doing that can be found here: Configure event groups in LEM.
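
The field-list behavior described above can be modeled as a set intersection. The following is an added example, not SolarWinds code and not an export from LEM: it computes which fields a group offers and which event types to remove so that a wanted field becomes selectable. All event type and field names other than FileName are constructed placeholders.

```python
# Constructed sample data: event type and field names are illustrative
# placeholders (only FileName comes from the article), not real LEM output.
SAMPLE_GROUP = {
    "FileRead":          {"EventInfo", "DetectionTime", "FileName", "SourceAccount"},
    "FileWrite":         {"EventInfo", "DetectionTime", "FileName", "SourceAccount"},
    "FileDelete":        {"EventInfo", "DetectionTime", "FileName", "SourceAccount"},
    "RegistryKeyCreate": {"EventInfo", "DetectionTime", "RegistryKey", "SourceAccount"},
    "RegistryValueSet":  {"EventInfo", "DetectionTime", "RegistryKey", "SourceAccount"},
}


def common_fields(group):
    """Fields offered for a group: those present in every member event type."""
    field_sets = list(group.values())
    if not field_sets:
        return set()
    return set.intersection(*field_sets)


def plan_group_edit(group, wanted):
    """Return (event types to remove, fields offered afterwards) so that
    every field in `wanted` becomes selectable for the group."""
    wanted = set(wanted)
    # An event type blocks the field list if it lacks any wanted field.
    to_remove = sorted(name for name, fields in group.items()
                       if not wanted <= fields)
    kept = {name: fields for name, fields in group.items()
            if name not in to_remove}
    if not kept:
        # Edge case: no single event type carries all wanted fields,
        # so no edited version of this group can expose them together.
        raise ValueError(f"no event type carries all of {sorted(wanted)}")
    return to_remove, common_fields(kept)


if __name__ == "__main__":
    print("Offered now:", sorted(common_fields(SAMPLE_GROUP)))
    remove, after = plan_group_edit(SAMPLE_GROUP, ["FileName"])
    print("Remove from group:", remove)
    print("Offered after edit:", sorted(after))
```

Run the same check before relying on a group in a rule: a correlation built on a field that silently drops out of the list after someone adds an event type to the group will no longer match on that field.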
