Event Views
Previous
Next
Event Views |
Previous
Next
|
|
Administrators can quickly diagnose problems by using Event Views to organize large amounts of event log information. Event Views allow you to group events that match Include and/or Exclude Filters with the options to notify or report based on that Event View. Open an Event View to see new events as they occur plus events that may be present from past database queries (view refreshes). The first time an Event View is opened, a database query will be run if the Event View is empty. Otherwise, database queries are run only when a view is manually refreshed or when the properties of the view are modified. When an Event View is refreshed or an Event View's properties are modified, a database query is run and events from the database, as well as those streaming in, will be displayed. Records in Event Views are generically referred to as "Events." Events originate from several sources: •Event log entries collected from Windows-based systems. •Syslog messages received from Syslog clients. •SNMP Traps received from SNMP-capable systems and devices. •ELM Server generated Events. An Event View has two display modes: •Detail Event View mode (default) which shows each event on a single line in the Event View. •Summary Event View mode displays a summary roll-up (i.e., count of events). This Event View display mode is very useful to determine the busiest events across multiple systems by sorting on the Count column heading. ELM comes pre configured with a variety of Event Views and are sorted into logical groupings. Event Views beginning with All represent general events grouped by type or protocol. Names can be modified for the requirements of a specific environment.
Notifications
When the Notification Method is applied to the Event View, the events that are displayed are what you will get notified on.
Pausing Event Views On busy servers, thousands of events can stream into the Event View making it difficult to read a specific event. Pause the Event View to get more detail on the event or to exclude the event from the Event View. Excluding Events Select the event that you want to exclude.
Create View
Select an event in the Event View, select Create View to automatically create an Event Filter and navigate through the Create Event View Wizard.
Create Filter
Select an event in the Event View, select Create Filter to automatically create an Event Filter and navigate through the Create Event Filter Wizard.
Event View Properties
Right click on the Event View and select Create Editor Report to get an ELM Editor Report based upon the query that makes up the Event View. The ELM Editor Report will retain the Event View display mode and Event View Settings that have been configured. Working With Event Views When working with Event Views, please be aware of the following: •The MMC can maintain only one customized set of columns for all standard Event Views and one customized set of columns for all Event Views that use the Security View style. This means that changes made in one Event View will be reflected in the other Event Views that use the same style. Opening an Event View with a different security style setting will reset the customized display to show all available columns in both types of Event Views. If this happens, you can restore a previously customized Event View by closing and re-opening the ELM Console. Make sure to select No when prompted to Save the current console settings. If you select Yes, the previous customizations will be lost. •To conserve MMC resources, dynamic updating can be disabled via the ELM Server applet in Windows Control Panel. •Use the ELM Database Settings Retention Policy to configure deleting and archiving of Event records. |
