Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > LEM Administrator Guide > About LEM nDepth search

About LEM nDepth search

Updated: September 15, 2017

The nDepth search engine can locate any event data that passes through a particular LEM Manager instance. You can use nDepth to conduct custom searches, investigate your search results with a graphical tools, investigate event data in other explorers, and take action on your findings.

Click the video File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1330-Troubleshoot_alerts_in_the_LEM_console/button_videocamera_18x12.png icon to learn how to use nDepth in LEM.

nDepth visual tools

nDepth summarizes and displays search results with several different visual tools that can also be combined into a customizable dashboard. The tools are intuitive and interactive—you can point and click to refine your searches. Each graphical tool provides an alternative view of the same data, so you can examine your data from several perspectives. You can also view and explore a text-based view of the actual data.

nDepth employs drag-and-drop tools that let you configure simple or even complex search criteria. You can use these tools to dig deeper into your findings by adding search conditions, or by appending text to existing search strings. nDepth also includes a tool called Search Builder that lets you configure complex search criteria using the same sort of drag-and-drop interface found in Filter Creation.

nDepth primary uses

Use nDepth to do the following:

  • Search normalized event data.

    If the nDepth log retention option is enabled, nDepth search can also search raw (non-normalized) log messages that are stored separately. See Configure LEM to store original log messages (nDepth log retention) to learn more about nDepth log retention.

  • View, explore, and search significant event activity. nDepth summarizes event activity with simple visual tools that you can use to easily select and investigate areas of interest.

  • Use existing filter criteria from the Monitor view to create similar searches.

  • Conduct custom searches. You can also create complex searches with the Search Builder, which is a tool that behaves just like the Filter Builder. You can also save any search, and then reuse it at any time by clicking it.

  • Save and reuse custom searches.

  • Schedule saved searches.

  • Create your own custom widgets for the nDepth Dashboard.

  • Export your findings to a printable report in PDF format, or your search results to a spreadsheet file in CSV format.

  • Use the Explore menu to investigate nDepth search results with other explorers.

  • Use the Respond menu to take action on any of your findings.

  • Export your findings to a report in PDF format.

Events and Log Messages

If the nDepth log retention option is enabled, LEM uses two data stores: the first data store is for normalized event data, and the second data store is for original (raw) event data. Use the following nDepth modes if nDepth log retention is enabled:

  • Events mode. nDepth summarizes and explores your normalized event data. Normalized data appears in Monitor view and is stored in the LEM database.

  • Log Messages mode. nDepth summarizes and explores raw log messages received from the original event logs. Use this mode if you have specific data analysis needs and understand how to interpret raw log messages generated by network devices and tools.

Data storage is limited. If you have not configured a CMC option for archiving data, LEM will delete the oldest data to make room for new data.

Common data fields in nDepth search

See Common data field categories in LEM nDepth search

Last modified