6.1 Running Reports

You can run and schedule the report definitions that are saved in the system. You can also view the report results of the report definitions.

The Report Viewer pane of the Sentinel Log Manager page displays all the report definitions in the system. Reports run asynchronously, so users can continue to do other things in the application while a report is running.

The user can run a report by using the desired parameters (such as a start and an end date), and can save the report results with a desired name. After the report runs, the results can be viewed by clicking the View button located next to the relevant report result list. If the report format chosen is Jasper Report, the results are displayed as a PDF. If the report format chosen is Search report, the results are displayed in a new search results tab in the Search Dashboard on the right side of the Sentinel Log Manager user interface.

If the server was restarted while a report was processing, you see buttons to cancel or restart the report. If you restart the report, it uses the same parameters that were used the first time. If the report was run with a relative time setting (such as Last 12 hours), the time period for rerunning the report is based on the current date and time, not the date and time when the report was initially run.

Use the following procedure to run a report:

  1. In the Report Viewer pane, select the report you want to run, and click the Run button located on top of the first Report Definition.

    When the report definition runs, a Run Report Name screen is displayed that allows you to change the parameters to run a report (for example, report name, start date, and end date). The Sentinel Log Manager also allows you to schedule a report to run at regular intervals.

  2. Set the run options for running the report.

  3. Specify a name to identify the report results.

    As the username and time are also used to identify the report results, the report name need not be unique.

  4. To run a search report, specify the following parameters:

    Maximum Results: Specify the maximum number of event search results to include in the report.

    Durations: If the report includes time period parameters, choose the date range. All time periods are based on the local time for the browser.

    • Last 1 hour: Shows events of the last 1 hour.

    • Last 12 hours: Shows events of the last 12 hours.

    • Last 24 hours: Shows events of the last 24 hours.

    • Last 7 days: Shows events of the last 7 days.

    • Last 30 days: Shows events of the last 30 days.

    • Last 60 days: Shows a month of events, from midnight of the first day of the previous month until 11:59 p.m. of the last day of the previous month.

    • Last 90 days: Shows events of the last 90 days.

    • Whenever: Shows all events stored in the system.

    • Custom Date Range: If you selected Custom Date Range, set the start date (From Date) and the end date (To Date) for the report.

    If any of the other settings is selected for the report type, these time settings are ignored.

  5. To run a JasperReport, specify the following parameters:

    Jasper Reports may also have a number of additional parameters that were defined when the Jasper Report was created. To view the description of an additional parameter as a tooltip, hover the mouse over the parameter name on the Run Report form.

    Help: Click Help to open the doc_plugin.pdf and to read the getting started notes for the selected JasperReport.

    Maximum Results: Specify the maximum number of event search results to include in the report.

    Language: Choose the language in which the report labels and descriptions should be displayed. The values are English, French, German, Italian, Japanese, Traditional Chinese, Simplified Chinese, Spanish, or Portuguese.

    The default value is the language with which the current user logged in, provided that language is supported by the report. If the report does not support the language, the report’s default language (typically English) is used.

    The data in the report is displayed in the language originally used by the event source.

    Date Range: If the report includes time period parameters, choose the date range. All time periods are based on the local time for the browser.

    • Current Day: Shows events from midnight of the current day until 11:59:00 p.m. of the current day. If the current time is 8:00:00 AM, the report shows 8 hours of data.

    • Previous Day: Shows events from midnight yesterday until 11:59:00 p.m. yesterday.

    • Week To Date: Shows events from midnight Sunday of the current week until the end of the selected day.

    • Previous Week: Shows last seven days of events.

    • Month to Date: Shows events from midnight the first day of the current month until the end of the selected day.

    • Previous Month: Shows events of a month, from midnight of the first day of the previous month until 11:59:00 p.m. of the last day of the previous month.

    • Custom Date Range: Shows events of a period whose start and end date are chosen.

    If any of the other settings is selected for the report type, these time settings are ignored.

    Minimum Severity: Specify the minimum severity value of the events to be displayed. The default value is 0.

    Maximum Severity: Specify the maximum severity value of the events to be displayed. The default value is 5.

  6. If the report needs to be mailed to more than one user, enter their e-mail addresses, separated by a comma, in the Email Report to field.

    To enable mailing reports, configure the mail relay under Rules > Configuration.

  7. Click Run.

    A report results entry is created and mailed to the chosen recipients.
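
Because the Date Range presets are resolved against the browser's local time, and a restarted report recomputes relative ranges from the current time, the same report definition can cover different events depending on who runs it and when. The following Python model is an added example, not code from Sentinel Log Manager; it resolves several presets as described above to concrete UTC windows. Assumptions: the "selected day" is the current day, browser time zones are fixed UTC offsets with no daylight-saving changes, and the run time and offsets are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

def resolve_range(preset, now_local):
    """Resolve a Date Range preset to (start, end) in the browser's local time."""
    midnight = now_local.replace(hour=0, minute=0, second=0, microsecond=0)

    def end_of(day):                      # 11:59:00 p.m. of that day
        return day.replace(hour=23, minute=59)

    if preset == "Current Day":
        return midnight, end_of(midnight)
    if preset == "Previous Day":
        yesterday = midnight - timedelta(days=1)
        return yesterday, end_of(yesterday)
    if preset == "Week To Date":          # assumption: selected day = current day
        # weekday() is Monday=0 .. Sunday=6; step back to the most recent Sunday
        sunday = midnight - timedelta(days=(midnight.weekday() + 1) % 7)
        return sunday, end_of(midnight)
    if preset == "Month to Date":         # assumption: selected day = current day
        return midnight.replace(day=1), end_of(midnight)
    if preset == "Previous Month":
        last_day = midnight.replace(day=1) - timedelta(days=1)
        return last_day.replace(day=1), end_of(last_day)
    raise ValueError(f"preset not modelled here: {preset}")

def window_utc(preset, instant, browser_tz):
    """Window the report covers, normalised to UTC so runs can be compared."""
    start, end = resolve_range(preset, instant.astimezone(browser_tz))
    return start.astimezone(timezone.utc), end.astimezone(timezone.utc)

# Constructed sample values: one run instant, two analysts' browser offsets.
RUN_AT = datetime(2024, 3, 1, 2, 30, tzinfo=timezone.utc)
BROWSER_A = timezone(timedelta(hours=-5))   # local time 2024-02-29 21:30
BROWSER_B = timezone(timedelta(hours=1))    # local time 2024-03-01 03:30

if __name__ == "__main__":
    for preset in ("Previous Day", "Week To Date", "Previous Month"):
        for name, tz in (("A", BROWSER_A), ("B", BROWSER_B)):
            start, end = window_utc(preset, RUN_AT, tz)
            print(f"{preset:15} browser {name}: {start:%Y-%m-%d %H:%M} .. {end:%Y-%m-%d %H:%M} UTC")
    # A report interrupted by a server restart and restarted a day later
    first = window_utc("Current Day", RUN_AT, BROWSER_A)
    rerun = window_utc("Current Day", RUN_AT + timedelta(days=1), BROWSER_A)
    print("rerun covers the same window:", first == rerun)
```

When report results are kept as evidence, record the resolved UTC window alongside the preset name, or use Custom Date Range so that a rerun covers the same period.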