Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Explore view in the LEM console > Using result details

Using result details

Created by Caroline Juszczak, last modified by Caroline Juszczak on Aug 29, 2016

Views: 11 Votes: 0 Revisions: 4

The Results Details view displays the raw data displayed in the graphical views. You can create or refine searches by dragging and dropping search strings from the search data into the nDepth search box.

You can use Result Details in Events mode to view and search normalized event data found in the Monitor view or Log Messages mode to view and search the original log message data collected and stored on the LEM (or another dedicated nDepth appliance).

You can use your nDepth search results to refine your nDepth searches, explore event details with other explorers, or initiate an active response to event details.

Interpret search results in Events mode

Use Events mode to search all normalized event data reported in the Monitor view. This data is pulled from the LEM appliance.

The following table describes how to interpret your data search results in Events mode.

Name Description

Event number

The incremented event number. Each row represents a new event.

Date and time stamp

The time and date the event occurred.

Event name

The name of the event that occurred.

EventInfo

Additional information about the event. You can select these details to refine your nDepth search, explore them with other explorers, or respond to them with an active response.

Interpreting search results in Log Messages mode

In Log Messages mode, you can use nDepth to search all of the original log messages that pass through a particular network appliance (or host). Below is an example of the nDepth Result Details view with the original log message data.

File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/060/010/060/Interpret-LogMessageData.png

The following table explains how to interpret search results of data in Log Messages mode.

Item Name Description

1

Event number

The incremented event number. Each row represents a new event.

2

Data and time stamp

The time and date the event occurred.

3

Log message The log message that matched your search criteria.

4

Host

The manager or appliance that logged the message.

5 ToolId

The actual product or tool that generated the message.

6 ToolType

The SolarWind tool category that generated the message.

Tool IDs and Tool Types match SolarWinds tool configuration categories.

Adding search strings from Result Details

Use the following procedures in the Results Details view to highlight and select character strings and create new search conditions from the data.

To Do this

Selecting data

Highlight a continuous character string

Point to the character string.

Select a continuous character string

Point to the character string to highlight it. Click the string to select it.

After you select a character string, an orange box surrounds the string. Every matching character string in the search results is selected as well.

Select a phrase (two or more character strings separated by spaces)

Click the first character in the string, and then drag across the string to select the remaining content.

After you select a character string, an orange box surrounds the string. Every matching character string in the search results is selected as well.

Select a data row

Click the event number in the row. When the row is selected, an orange highlight bar appears to the left of the row.

Creating search conditions from Result Details data

Clear the search box to add a new search condition

  1. On the search bar, click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/060/010/060/Icon-Delete(X).png to clear the search box.
  2. Add a new search condition by using any of the techniques in this table.

Add a search condition from Result Details data

  1. Select a character string in the data.
  2. Double-click the selected string to add it to the search box.

Select a character string in the data, and then drag it into the search box.

Copy and paste a character string from Result Details data into the search box

  1. Change the search bar to Text Input mode.
  2. Select a character string in the data.
  3. Copy the search string.
  4. Click the search box, and then paste the character string into the text box.

Type a search string in the search box

  1. Change the search bar to Text Input mode.
  2. Type the search string directly in the search box.

Add conditions to an existing search

  1. In the data, select the character string you want to append to the existing search conditions.
  2. Double-click the selected string or drag the string into the search box.

    Your selection is appended to the existing conditions.

Using Explorers with Result Details

Use the nDepth Result Details view to access additional explorers to investigate specific details that you find in your nDepth search results.

You can select specific values and pass them in to the value-based explorers (such as Whois, NSLookup, and Traceroute). For example, you can investigate a suspicious IP address with these explorers to learn more about that IP address.

When you view data in Events mode, each row in the search results represents the data for an individual event. You can select the row for an event you want to explore, and then pass the row into the Event Explorer to explore that event.

To explore details in search results:

  1. Open the Result Details view.
  2. Select the character string or row you want to explore.

    Select the character string you want to investigate. When selected properly, the character string is surrounded by an orange box.

    If you are viewing data in Events mode, select the row you want to explore in the Event Explorer. When you select a row, an orange highlight bar appears to the left of the row.

  3. Click Explore and select the explorer you want to use.

    The Explore > Utilities view displays, and the system passes the selected data to your selected explorer.

  4. Click Search or Analyze to explorer the string.
 
Last modified
09:58, 29 Aug 2016

Tags

Classifications

Public