ndepth query

New to SW LEM and trying to figure out a way to drill into a file server from a few weeks ago. I'm trying to use nDepth from the console and pick criteria correctly. Is there a max of how far back I can go? I need to review data from 6/30/16.

  • FormerMember

    I don't think there's a max as long as you were logging that far back. A great LEM tech taught me how to go into nDepth and click Event Groups in the 2nd column of the screen, then click on the Any Alert Event Group, then below that you'll see the Events/Fields that are common to all groups. Usually you will want to click and drag the "DetectionIP" event up to the top where it says Drag search items here, then you'll see that it creates an equal sign to the right of that Event and you can just type in your server IP there surrounded by asterisks (to the right of the pencil icon). For example it should say AnyAlert.DetectionIp = *.10.1.1.1*

    But wait, there's more!! Way over to the right of that, to the right of the blue play/go button/triangle, click the down arrow where it says Last 10min, then look closely and you can select a date range and below that you can specify exactly what time range!! Now the tricky part is just click that same down arrow again to make it take effect, then click the blue play/go/search button and you'll see a lot of info.

    But wait, there's more!! Back over on the left in that 2nd column, click the Refine Fields option with the blue filter icon and it will show you a count of each type of Event that has been logged for the currently queried info. You may also need to click the Result Details icon at the bottom center of your screen (2nd icon from the right down there... looks like a stack of disk cylinders with a page on top).

    But wait, there's more!! You can click and drag those Refine Fields sections up and drop them to the right of your existing query fields and click that blue search button again and it'll show you exactly those results. Feel tha POWER!! LOL Make sure to give me a million points please!!

  • When did you start logging to LEM? As said in the comment just above, as long as you were logging that far back, you should be able to reach that date.