Event Graph Data Monitor
The data monitor type is chosen when you create a new data monitor. For information on how to create a data monitor, see Creating a Data Monitor.
This data monitor draws real-time diagrams of selected event activity. In effect, it does automatically and in real-time what you can do manually, as described in Graphing Attacks.
Note: The Zoom In, Zoom Out, and Fit Content options do not work with event graphs created after version 7.0. Scrolling works but can cause issues with large filter sets. To use these options with event graphs, you must enable the Use classic charts option in Global Preferences.
Parameter |
Description |
---|---|
Data Monitor Name |
A unique name for the monitor. |
Enable Data Monitor |
Select this check box to "switch on" the monitor and collect data from the Manager. If cleared, the monitor is "off" and displays no data. Depending on the permissions associated with the user group to which you belong, you may or may not have an option to Enable (deploy) or disable (un-deploy) the data monitor. For more information, see Enabling or Disabling a Data Monitor. |
Restrict by Filter |
Choose a filter resource with which to restrict the events that the graphic includes. |
Availability Interval |
Set the number of seconds to use as the interval between monitor updates. |
Select Field Set |
Specify a field set for use in data monitor drill-downs. When this data monitor is displayed, the user can double-click on a chart area or table row that represents an event to bring up a drill-down channel for that event. The field set specified here determines the columns (fields) shown in the drill-down channel. See also Monitoring Dashboards for information on data monitor drill-downs. |
Show Event Nodes |
Choose a basis for visually expanding or aggregating event nodes, relative to their source and target node instances. See Configuring Event Graphs for the option details. |
Max Event Count |
Set the greatest number of most-recent events the graphic can show. |
Show Source/Target Nodes as |
When one source-event target chains to another, you can choose to graph a source/target IP address as a single (simple) node, or to graph both the source and target instances of such an IP address (distinct). |
Source Node Identifier |
Choose an event attribute to use as the identifier for source nodes. The default attribute is Source Address. Note that while all attributes are available, not all are appropriate choices for this purpose. |
Event Node Identifier |
The fields that are available to use to uniquely identify the event type in a transaction. |
Target Node Identifier |
Choose an event attribute to use as the identifier for target nodes. The default attribute is Target Address. Note that while all attributes are available, not all are appropriate choices for this purpose. |