Some event fields are missing from a specific Event Group when using them for nDepth or Rules correlations

Updated November 9, 2017

Overview

When you add a condition to your nDepth query or rule correlation by using an Event Group, some event fields may not be present in the Fields list. For example, the fields available for the File Audit Alerts group do not include a FileName field.

Environment

  • LEM, all versions

Cause

There are one or more events in that particular Event Group that do not contain the specific field you are seeking.

Resolution

The fields displayed for an Event Group are only those fields that are common to every event type included in that Event Group. In our File Audit Alerts example, the group includes many "File" event types but also several registry-related event types that do not contain the field names you want to use.

The solution is to edit the Event Group to remove any unwanted event types that don't have the fields you want to use, or to create a new Event Group using only the specific event types you need. You can edit or create Event Groups under Build > Groups. For more details, see: Configure event groups in LEM.
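The following is an added example, not SolarWinds code: it models the Fields list as the intersection of each member event type's fields and shows which event types would have to be left out of a group for a wanted field to appear. The event type names and field names are constructed for illustration and are not LEM's actual schema.

```python
# Constructed sample data: event type and field names are illustrative
# assumptions, not taken from LEM.
BASE = {"EventInfo", "DetectionIP", "DetectionTime", "SourceAccount"}
GROUP = {
    "FileCreate": BASE | {"FileName"},
    "FileDelete": BASE | {"FileName"},
    "FileWrite": BASE | {"FileName"},
    "RegistryKeyCreate": BASE | {"ObjectName"},
    "RegistryValueWrite": BASE | {"ObjectName"},
}


def common_fields(group):
    """Fields present in every event type: what the Fields list can offer."""
    field_sets = list(group.values())
    return set.intersection(*field_sets) if field_sets else set()


def blockers(group, wanted):
    """Event types lacking at least one wanted field, with the fields they lack."""
    return {
        etype: sorted(wanted - fields)
        for etype, fields in group.items()
        if wanted - fields
    }


def trimmed_group(group, wanted):
    """Membership for a new group in which every wanted field is common."""
    blocked = blockers(group, wanted)
    return {e: f for e, f in group.items() if e not in blocked}


if __name__ == "__main__":
    wanted = {"FileName"}
    print("Fields offered by the full group:", sorted(common_fields(GROUP)))
    for etype, missing in blockers(GROUP, wanted).items():
        print(f"  {etype} lacks {', '.join(missing)}")
    new_group = trimmed_group(GROUP, wanted)
    print("New group members:", sorted(new_group))
    print("Fields offered by the new group:", sorted(common_fields(new_group)))
```
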

 

 

 

 
