Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > Log and Event Manager Getting Started Guide > Navigate the LEM Console

Navigate the LEM Console

LEM Getting Started Home

Updated: December 15, 2017

The LEM console provides a browser-based method to monitor your LEM appliance. The console is organized into functional areas called views. Views organize and present different information about the components that comprise the LEM system. The LEM Console provides the following views:

  • Ops Center: Provides a graphical representation of your log data. It includes several widgets that help you identify problem areas and show trends in your network. You can select additional widgets from the widget library or add custom widgets that reflect your log activity.
  • Monitor: Displays events in real time as they occur in your network. You can view the details of a specific event or focus on specific types of events. This view also includes several widgets to help you identify trends or anomalies that occur in your network.
  • Explore: Provides tools for investigating events and related details. Select nDepth to search or view event data or log messages. Select Utilities to view additional utilities.
  • Build: Create user components that process data on the LEM Manager. Select Groups to build and manage groups. Select Rules to build and manage policy rules. Select Users to add and manage console users.
  • Manage: Manages properties for appliances and nodes. Select Appliances to add and manage appliances. Select Nodes to manage agents, and to view syslog devices & agents.
  • Analyze: Provides an overview of the Reports feature that extracts and presents data from the database. You must install this feature separately.

This topic provides an overview of the most commonly used LEM Console views.

Explore the Node Details view

When you first get started with LEM, SolarWinds recommends you verify that events from your configured devices are shown in the LEM Console. The most direct approach to verifying that events are being received and normalized by the LEM Manager is to view the node you added to LEM.

  1. Log in to the LEM Console, and click Manage > Nodes.

    The Node page displays.

    File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/Node_Details_1.png

  2. Double-click the node.

    File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/Node_Details_2.png

  3. Review the Node Details page.

    File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/Node-details_864x494.png

    Number Item Description
    1 All Events Shows events collected from the node you selected. If you expect to see events, but do not, troubleshoot the connection.
    2 Node Details Provides information about the node you selected.
    3 List pane Lists the connectors assigned to the node.

Explore the Monitor view

Use the Monitor view to investigate events monitored by LEM.

Events are messages created from agent, manager, and network device log entries. These log entries are processed (or normalized) to extract information and display the data in a common table format instead of the often convoluted format you see in the source data. These normalized events are either syslog data read directly by connectors on the LEM, or events sent from the agent to the manager for processing. At the manager, the events are processed against your rules, sent to your database for archiving, and sent to the LEM console for monitoring.

The Monitor view only shows up to 1000 events. This does not mean that LEM is only processing 1000 events. This limit has been established for browser performance reasons. To see all events, switch to the nDepth search view.

The Monitor view contains the following widgets: All Events, Filters, Event Details, Widget, and Filter Notifications.

File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/Monitor_864x496.png

Number Item Description
1 All Events The Events grid displays the events that occur for your selected filter. This grid displays each event that occurs for your selected filter, as well as every event logged to each manager. The title bar displays the filter name you selected in the Filters pane.
2 Filters The Filters pane stores all filters you can apply to the console event messages. All filters are stored in groups. To add a filter to the events grid, click a filter group, and click the plus sign above to add a new filter. The events grid title changes to the name of the event and the grid refreshes and displays the incoming events allowed by the filter conditions.
3 Event Details The Event Details pane displays specific information about the last event you selected in the Events grid. When you click an event, the event is highlighted in the Event Details pane, along with supporting information. To view the event details for a specific event, select the event in the event stream and review the results in the Event Details pane.
4 Widget The Widget pane displays the widgets associated with the filter currently applied to the events grid. Widgets automatically refresh themselves to reflect changes in events grid filtering. You can view the widgets associated with this filter by clicking the drop-down menu and selecting an option
5 Filter Notifications The Filter Notifications tab summarizes the event activity from each of your active notification filters that use blink, pop up, or sound notifications. Click a filter name in this tab to view the events associated with the targeted filter.

Explore the nDepth search view

nDepth is a search engine that locates all event data or the original log messages that pass through a particular manager. The log data is stored in real-time as it occurs from each host (network device) and source (application or tool) that is monitored by the manager. You can use nDepth to conduct custom searches, investigate your search results with a graphical tools, investigate event data in other explorers, and take action on your findings.

Use nDepth to do any of the following:

  • Search normalized event data or the original log messages. You can also use nDepth to explore log messages that are stored on a separate nDepth appliance.
  • View, explore, and search significant event activity. nDepth summarizes event activity with simple visual tools that you can use to easily select and investigate areas of interest.
  • Use existing filter criteria from the Monitor view to create similar searches.
  • Create custom widgets for the nDepth Dashboard.
  • Conduct custom searches. You can also create complex searches with the Search Builder, which is a tool that behaves just like the Filter Builder. You can also save and schedule a search, and reuse it any time by clicking it.
  • Export your findings to PDF or CSV format.
  • Use the Explore menu to investigate nDepth search results with other explorers.
  • Use the Respond menu to take action on any of your findings.

To display the nDepth view, click Explore > nDepth.

File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/lem_qsg_view_historical_data34_864x504.png

Number Item Description
1 History Displays links to your recent nDepth search results.
2 Saved Searches Displays links to your saved nDepth search results.
3 List pane Displays categorized lists of events, event groups, event variables, and additional options you can use to create conditions for your filters.
4 Search bar Searches all event data or the original log messages that pass through a LEM Manager. Drag the toggle switch to select Drag & Drop or Text Search mode.
5 Respond Displays a list of corrective actions you can execute when an event occurs, such as shutting down a workstation or blocking an IP address.
6 Explore Displays several utilities you can use to research an event, including Whois, Traceroute, and NSlookup.
7 Time Provides a drop-down menu to select the time range for your search.
8 Play Executes the selected search.
9 Histogram

Displays the number of events or log messages reported within the selected search time range.

10 Dashboard

Displays the search results in all available widgets. You can change this view by clicking a widget in the nDepth toolbar.

The File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/Icon-Alerts_14x14.png icon indicates you are exploring event data. The File:Success_Center/Reusable_content_-_InfoDev/LEM_Getting_Started_Guide/Log_and_Event_Manager_Getting_Started_Guide/0080-Navigate_the_LEM_Console/Icon-LogMessage_14x14.png icon indicates you are exploring log messages.

11 nDepth Toolbar Organizes log data into categories to identify activity in your network. Click a selection to display the category below the histogram.

 

Previous: Add a syslog device to LEM Next up: Beyond Getting Started
Last modified

Tags

Classifications

Public