Click Explore and select nDepth to conduct custom searches. You can also open nDepth from an existing data source, such as an event field or another explorer (such as NSLookup, Whois, Traceroute, and Flow) to search for similar events and data.
By default, the nDepth search covers the last 10 minutes: the end time is the moment you open nDepth, and the start time is 10 minutes before that.
The following illustration provides an overview of the nDepth dashboard.
| # | Element | Description |
|---|---------|-------------|
| 1 | History | Displays links to your recent nDepth search results. |
| 2 | Saved Searches | Displays links to your saved nDepth search results. |
| 3 | List pane | Displays categorized lists of events, event groups, event variables, and additional options you can use to create conditions for your filters. |
| 4 | Search bar | Searches all event data or the original log messages that pass through a LEM manager. Drag the toggle switch to select Drag & Drop or Text Search mode. |
| 5 | Respond | Displays a list of corrective actions you can execute when an event occurs, such as shutting down a workstation or blocking an IP address. |
| 6 | Explore | Displays several utilities you can use to research an event, including Whois, Traceroute, and NSlookup. |
| 7 | Time | Provides a drop-down menu to select the time range for your search. |
| 8 | Play | Executes the selected search. |
| 9 | | Displays the number of events or log messages reported within the selected search time range. |
| 10 | | Displays the search results in all available widgets. You can change this view by clicking a widget in the nDepth toolbar. One icon indicates you are exploring event data; the other indicates you are exploring log messages. |
| 11 | nDepth Toolbar | Organizes log data into categories to identify activity in your network. Click a selection to display the category below the histogram. |
In the Explore menu on the Event grid, click nDepth.
The nDepth screen appears, and the nDepth search box contains the event or event field you are exploring.
When you initiate an nDepth search from the Monitor view, nDepth automatically searches all hosts and sources for every instance of the selected event field that occurred within a ten-minute window around the event you are exploring. This lets you identify similar events that occurred shortly before and after the event you are exploring.