
Common data field categories in LEM nDepth search

Updated: September 15, 2017

The categories in this topic frequently appear in the Refine Fields list, the Tree Map view, and the Result Details view.

This topic provides help for the Explore > nDepth view in the LEM console. For page-level help of the nDepth view, see nDepth view in the LEM console.

Common data field categories in Events Mode

This table describes the data fields that are most commonly seen when working with event data.

| Field | Description |
|---|---|
| Event Name | The name of the event. |
| Detection IP | The network node that created the event data. The node is usually a Manager or an Agent. The DetectionIP is usually identical to the InsertionIP field, but it can also be a network device (such as a firewall or an intrusion detection system) that sends log files over a remote logging protocol. |
| Inference Rule | The name of the correlation that caused the event. This field is generally blank, but it displays the rule name when the event is related to a rule. |
| Insertion IP | The Manager or Agent that created the event. This is the source that first read the log data from a file or other source. |
| IP Address | The IP address associated with the event. This is a composite field drawn from several different event fields. It shows all the IP addresses that appear in event data. |
| Manager | The Manager that received the event. For data generated from an Agent, this is the Manager connected to the Agent. |
| Provider SID | A unique identifier for the original data. Generally, this field includes information you can use to research the event in the documentation from the vendor of the originating network device. |
| Severity | The severity (0–7) of the event. |
| Tool Alias | The alias name entered when the tool was configured on the Manager or Agent. |
| User Name | The user name associated with the event. This is a composite field drawn from several different event fields. It shows all the places that user names appear in event data. |

Common data field categories in Log Messages mode

This table describes the data fields that are most commonly seen when working with log messages. The fields are listed here alphabetically.

| Field | Description |
|---|---|
| Host | The node the log message came from (that is, the LEM or Agent that collected the message for forwarding to nDepth). |
| HostFromData | The originating network device (if different than the node) that the message came from. Normally, Host and HostFromData are the same. In the case of a remote logging device (such as a firewall) this field reports the original remote device's address. |
| ToolId | The tool that generated the log message. |
| ToolType | The category for the tool that generated the log message. |
