Search normalized LEM data using nDepth search

Updated: October 12, 2017

This topic describes how to use nDepth to search for normalized event data that passes through a particular LEM Manager.

Create an nDepth query

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. Click Explore > nDepth.

  3. Click x in the search bar to clear all existing parameters.

  4. Drag search items to the search bar and enter a search expression.

  5. Modify the default time frame as required.

  6. Click the Search (play) button to begin your search.

Choose an event in Monitor view to send to nDepth for historical search

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. Click Explore > nDepth.

  3. In the nDepth filter sidebar, select a filter.

  4. Locate an event in the event grid that you want to research.

  5. Click Pause to stop the event feed.

  6. Select the event in the grid.

  7. Click the Explore drop-down menu and select nDepth.

    The nDepth screen appears, displaying your results.

In the nDepth screen, you can narrow or widen your search timeline using the nDepth histogram. After you establish your search timeline, click a tool in the nDepth toolbar to review your results.

Choose a filter in Monitor view to send to nDepth for historical search

You can select a real-time filter in Monitor mode to open in nDepth search. This task requires either the Administrator or Auditor role.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. Click Monitor.

  3. In the filter sidebar, select the filter that you want to send to nDepth.

  4. Click the gear button in the Filters pane and select Send to nDepth.

    The filter opens in the nDepth search engine.

  5. (Optional) Modify the nDepth search Conditions or time frame to fine-tune your search.

    Always click Search, denoted by a play button, after altering an nDepth search to get your new results.

Create an nDepth query for all activities by a single user

Use nDepth to create queries for all activity related to a single user or group of users on your network. This is currently the only method to perform this level of reporting and monitoring in LEM.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. Click Explore > nDepth.

  3. Click x in the search bar to clear all existing parameters.

  4. Locate the User Name drop-down menu in the Refine Fields list.

  5. Drag User Name into the Search Bar at the top. If you choose a different user, change the user next to the pencil icon in the search.

  6. Use this selection or change the user name in the Constant (pencil icon) text box.

    When you change the user name:

    • Use trailing wild card characters (such as *) to search for part of a user name.

    • Avoid using leading wild card characters whenever possible.

    • Use user-defined groups or directory service groups to search for groups of users.

  7. Modify the default time frame as required.

  8. Click the Search (play) button to begin your search.

Delete items from search strings

Click the delete button next to a condition in the search bar to delete a search string. You can delete individual conditions, groups of conditions, or the entire string.

Adjust the time frame for your nDepth query

  1. In the search bar, click the time selector drop-down menu and select Custom range.

  2. Select the From and To dates and times in the calendars.

    By default, the custom time frame shows the time frame of your last search.

  3. Click outside the calendars to close.

    Searches that require several minutes to complete, or that search several events, can time out or return no results.
