
Some event fields are missing from a specific Event Group when using them for nDepth or Rules correlations

Updated November 9, 2017

Overview

When you add a condition to an nDepth query or rule correlation by using an Event Group, some event fields may not be present in the Fields list. For example, the fields available for the File Audit Alerts group do not include a FileName field.

Environment

  • LEM, all versions

Cause 

There are one or more events in that particular Event Group that do not contain the specific field you are seeking.

Resolution

The fields displayed for any Event Group are only the fields that are common to every event included in that Event Group. In our File Audit Alerts example, the group includes many "File" event types but also includes several registry-related event types that do not contain the field names you want to use.

 

The solution is to edit the Event Group to remove any unwanted event types that don't have the fields you want to use, or create a new Event Group using only the specific event types you need. You can edit or create new Event Groups under Build > Groups. More details on doing that can be found here: Configure event groups in LEM.

 

 

 

 
