Specifying the Source Node Identifiers
Source node identifiers are “group by” attributes. For example, if you select only Category Behavior for this field, events are grouped by category behavior. Each block in the hierarchy map represents a different type of category behavior (for example, /Authentication
, /Authentication/Verify
, /Execute Response/Informational
, and so forth). If you select both Category Behavior and Target Address here, each block in the hierarchy map represents events with the same category behavior on the same target system (IP address or host name).
To specify one or more Source Node Identifier (Group By) fields:
- Click in the Source Node Identifier field, then click the button to open the Field Selector dialog.
- Specify the fields by which you want to group events or objects by clicking Available Fields checkboxes, which adds them to “Fields to Show”. .
- Click up/down arrows to re-order fields.
-
To remove a field, select it under Fields to Show and click the delete button .
For example, we can group by Category Behavior, Category Significance, and Target Address, which provide meaningful groups (events with the same category behavior, significance, and target address), and give us some interesting label, size, and color display options for mapping significant events and targeted systems on the data monitor.
Hierarchy Levels and Group Delimiters
You can specify how many levels of hierarchy you want to display for a field group by specifying one or more (a group of) delimiters and the maximum depth of hierarchy to display. For example, if you have a field value, http://www.foo.com
, for which you have specified the depth level (Max Depth) as 2 with delimiters set to a group (consisting of ://.
), you see:
-
First level:
http://
-
Second level:
http://www.foo.com
For the same example, if you set the Max Depth to 3, you get:
-
First level:
http://
-
Second level:
http://www
-
Third level:
http://www.foo.com
To select a field to display and set its hierarchy depth level:
-
Open the Hierarchy Map Field Selector dialog by clicking the browse button that is displayed when you click in the Source Node Identifier field.
-
To add a field, check (click) the check box next to the field in the Available Fields scroll box. As you select a field, it is displayed in the Fields column in the “Fields to Show” table on the right side of the dialog.
-
Double-click the Delimiter column for the field you just selected and enter one or more delimiters based on which you want to show the hierarchy depth.
By default, a forward slash (/) is set as the delimiter. To set a single level of hierarchy, delete the “/” and do not specify any delimiters. Also, set the Max Depth (as explained in the next step) to zero for that field. If you set a comma (,) as a delimiter, the hierarchy in the panel displays a backslash (\).
-
To specify the depth of the field hierarchy within a field, double-click the Max Depth cell for the field.
Note: Negative integers are not allowed. If you enter a negative integer, it defaults to -1 which represents a depth level equal to the number of delimiters in the field.
If you leave this field blank, it defaults to a depth level equal to the number of delimiters in the field and -1 is displayed in the Max Depth column.
To display the whole field as a single level of hierarchy, set the Max Depth value to 0.