Search normalized LEM data using nDepth search

Updated: September 6, 2018

This topic describes how to use nDepth to search for normalized event data that passes through a particular LEM Manager.

Create an nDepth query

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. On the LEM toolbar, navigate to Explore > nDepth.

  3. To clear all existing parameters, click x in the search bar.

  4. Drag search items to the search bar, and then enter a search expression.

  5. Modify the default time frame as required.

  6. To begin your search, click the Search (play) button.

Choose an event in Monitor view to send to nDepth for historical search

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. On the LEM toolbar, navigate to Explore > nDepth.

  3. In the nDepth filter sidebar, select a filter.

  4. Locate an event in the event grid that you want to research.

  5. To stop the event feed, click Pause.

  6. Select the event in the grid.

  7. From the Explore drop-down list, select nDepth.

    The nDepth screen appears, displaying your results.

In the nDepth screen, you can narrow or widen your search timeline using the nDepth histogram. After you establish your search timeline, click a tool in the nDepth toolbar to review your results.

Choose a filter in Monitor view to send to nDepth for historical search

You can select a real-time filter in Monitor mode to open in nDepth search. This task requires either the Administrator or Auditor role.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. On the LEM toolbar, click Monitor.

  3. In the filter sidebar, select the filter that you want to send to nDepth.

  4. In the Filters pane, click the gear button, and then select Send to nDepth.

    The filter opens in the nDepth search engine.

  5. (Optional) Modify the nDepth search conditions or time frame to fine-tune your search.

    Always click Search, denoted by a play button, after altering an nDepth search to get your new results.

Create an nDepth query for all activities by a single user

Use nDepth to create queries for all activity related to a single user or group of users on your network. This is currently the only method to perform this level of reporting and monitoring in LEM.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. On the LEM toolbar, navigate to Explore > nDepth.

  3. To clear all existing parameters, click x in the search bar.

  4. In the Refine Fields list, locate the User Name drop-down list.

  5. Drag User Name into the Search Bar at the top. If you choose a different user, change the user next to the pencil icon in the search.

  6. Use this selection or change the user name in the Constant (pencil icon) text box.

    When you change the user name:

    • Use trailing wild card characters (such as *) to search for part of a user name.

    • Avoid using leading wild card characters whenever possible.

    • Use user-defined groups or directory service groups to search for groups of users.

  7. Modify the default time frame as required.

  8. To begin your search, click the Search (play) button.

Delete items from search strings

To delete a search string, click the delete button next to a condition in the search bar. You can delete individual conditions, groups of conditions, or the entire string.

Adjust the time frame for your nDepth query

  1. In the search bar, click the time selector drop-down list and select Custom range.

  2. Select the From and To dates and times in the calendars.

    By default, the custom time frame shows the time frame of your last search.

  3. Click outside the calendars to close.

    Searches that require several minutes to complete, or that search several events, can time out or return no results.

For more information, see About LEM nDepth Search.
