Unfortunately, there's no functionality that allows you to customize the "out of box" reports. However, since you mentioned nDepth, why not use that? You can save your search (query) and then export the results which will include a number of different ways to represent your data visually. You can even schedule those queries to run although I haven't found the need for that feature quite yet.
I'm going to argue with qle: You can customize the out-of-the-box Reports in the Reports console.
Say, for example, that you want authentication events for a specific user.
- Run Reports
- Run an Authentication report (I'm using Authentication - Log On/Off/Failure) for something like a ten minute span
- When it completes, click the Select Expert icon (a green funnel)
- When the box pops up, click "New" to add your first filter. You'll be presented with a list of all the fields in the report. For your example, I'd pick the AUTHAUDIT_1.DESTINATIONACCOUNT and add that.
- This'll take you back to the Select Expert box. Pick the operator "Is Equal To" and in the box, type the username you want to search for.
- Your report may go blank if the user you want didn't occur in the last 10 minutes. No sweat! Press F9 and you'll be prompted to change the time range. Run the report.
- TA DA! A report for one user's authentication events. You can hit Export and save it in the Crystal Reports format to keep a version of the report with your filters baked in for future use.
The same sort of logic would apply to any report with user-names in it, though you may have to explore what fields contain what.
You can also use Crystal Reports to customize the OOtB reports: SolarWinds Knowledge Base :: Creating a Custom Report for LEM 5.6 and newer
I also cover something similar for FIM in this YouTube video: Solarwinds Log and Event Manager - Configuring FIM and Analyzing FIM Data - YouTube
That's brilliant! Exactly what I was hoping to get!
Thanks for the v. useful guide, we have a LEM in a multi-domain environment and have been struggling to schedule custom reports for each domain. Rather than use the "Is Equal To" operator I used the "Starts With" operator for filtering the report to pickup agent events for a particular domain. After exporting the filtered report as Crystal Reports, i was then able to manually create a scheduled task to run the custom report as needed:
1. Export filtered report to Crystal Reports format.
2. Copy the schedule report INI file and manually update the relevant parameters including the name of the report to run and the export options.
3. Create a basic task (in Task Scheduler) to run a schedule report using the custom report INI file.
4. Sit back and enjoy.
I've created a separate folder for all my custom reports sorted by each domain and creating separate scheduled tasks for each report, I may look at bunching daily/weekly reports for each domain into separate batch jobs to simplify scheduling.
The above is a bit of a long-winded workaround, but without purchasing Crystal Reports XI R2 ($600) I don't see any other way for creating custom reports which has been a major headache with using LEM in a multi-domain environment (and without having to install a separate manager appliance for each domain).
Thanks a lot!
Another option would be to use something like LANGuardian to capture the user information\metadata from network traffic and then integrate this with your SolarWinds views. You can see an example of this at the link below
There is also a search feature where you can put in an IP or username and get a view of what they are doing on your network. There is an example of this at the link below or I also included a link to a short video which shows the integration in action.
There is a trial version of LANGuardian available if you wanted to test it out yourself
Hope this helps