Viewing and Managing Collected Data

Customize views of your event and log data and how data is collected with ELM's powerful filtering capabilities such as whitelisting, blacklisting, includes & excludes, right down to the individual system level.

Event Views – Explore Your Data

Event Views group event logs and collected data from all systems being monitoring that match one or more Event Filters and bring it into the corresponding display.  These Event Views update and refresh in real-time as events are being collected, but can also be paused for research and analysis.

ELM is pre-configured with numerous Event Views which can be customized to your liking or new Event Views are easy to create and can be highly customized to display the exact information you want for viewing, notifications and alerts.

ELM’s pre-configured Views are broken down into three main categories:

  • Event Views – Some of the most commonly used views of data as well as specialized views for default monitoring items in ELM
    • All Events
    • Dashboard Status
    • Server & Agent Specific Events
    • PING Activity
    • Syslog and SNMP
  • Security Views – Specialized for security event activity with display columns customized to show important security information that can be buried in event data.
    • Audit Activity & Failures
    • Computer Account Changes
    • Logon/Logoff Activity
    • Network Logons
    • User Accounts
  • Correlation Views – Designed to monitor for unique event sequences including start and end events as well as start and time-out activity.
    • Point-to-Point Verification
    • Service Restart to Slow
    • Windows Reboot too Long

Filter & Search Event Views On-the-Fly

ELM’s new user interface provides the ability to drill down to specific events and logs on-the-fly with event criteria filtering of all visible columns as well as a dynamic predictive search feature.

Advanced Filtering Capabilities

ELM’s powerful filtering capability allows you to collect and view the data you want without spending ridiculous amounts of time sifting through thousands and thousands of records looking for the needle in the haystack.

Include and Exclude filters can be used together to support very complex situations and needs.  Each of the filter types can be built from an existing event that will pre-populate fields for you or they can be built from scratch if desired.

Filters in ELM apply to both Monitors and Views and can be reused throughout the product.

Types of Filters

There are three types of filters used through ELM.

  • Include Filters – Utilize a “Whitelist” approach and only collect or display matching events.
  • Exclude Filters – Utilize a “Blacklist” approach and collect or display everything except matching events.
  • Correlation Filters – Specialized format for matching event sequences and timeout options in Correlation Views.

Sample Event Filter

Matching Criteria

Filters utilize can any / all of these event fields.

  • Computer Name
  • Log Name
  • Username
  • Event Source
  • Event ID
  • Event Category
  • Message contains – (free form text)

Wild card operators (AND, OR, NOT) and partial matches are also supported.