The data monitor type is chosen when you create a new data monitor. For information on how to create a data monitor, see Creating a Data Monitor.
The Last N Events data monitor orders events based on its configuration. In the Table Viewer, the monitor displays the most recent events by Priority, Event Name, Protocol, and Category. With the BarChartTable configuration, the order is by Priority and Event Name. The PieChart configuration is ordered by Priority.
Note: If your Last N Events data monitor includes a column that displays the annotation stage, that column is not updated when an analyst later changes an event's annotation stage. Data monitors are designed to display events as they flow in for the first time. For annotation updates, Micro Focus recommends using query viewers, which are configurable to re-query the database, then add the query viewer to the dashboard.
|
Parameter |
Description |
|---|---|
|
Data Monitor Name |
Type a data monitor name. |
|
Enable Data Monitor |
Select the check box to enable the data monitor and collect data from the Manager. If not selected, the associated viewer configuration will not display any data. Depending on the permissions associated with the user group to which you belong, you may or may not have an option to Enable (deploy) or disable (un-deploy) the data monitor. For more information, see Enabling or Disabling a Data Monitor. |
|
Availability Interval |
Set the number of seconds to use as the interval between monitor updates. |
|
Restrict by Filter |
Choose a filter resource to use as an additional restriction on the events displayed. |
|
Select Field Set |
Specify a field set for use in data monitor drill-downs. When this data monitor is displayed, the user can double-click on a chart area or table row that represents an event to bring up a drill-down channel for that event. The field set specified here will determine the columns (fields) shown in the drill-down channel. (See Monitoring Dashboards for information on data monitor drill-downs.) |
|
# of Events |
Specify how many events the data monitor displays. |
|
Field Names |
Choose field names to include in the data monitor display. By default, the data monitor includes EventName, EventCategory, ArcSight Severity, and Protocol fields. You can select additional fields or remove currently selected fields by Shift or Ctrl-clicking field names in the drop-down list. |
As an example, you could design a Last N Events data monitor that displays the latest N events that meet the condition specified in the dashboard definition.