To view events stored in traditional storage, you must first create an event view. To create and view events in event views, you must have the Create and use Event Views permission.
To create an event view:
Log in to the Sentinel Main interface.
Click Real-time Views > Events > Create.
Specify the following information:
Name: Specify a unique name for the event view.
Sharing: Select either of the following options:
Public: Allow everyone to view the event view. In the Public mode, other users can only view the events but cannot modify the event view. You are still the owner of the event view.
Private: Only you are able to view the event view.
Criteria: Specify the criteria to view specific events.
Event Attribute: Select the attribute based on which you want to categorize the event data.
Tenant: If you are in a multi-tenant environment, select a tenant name for which you want to view events. The default tenant allows you to view events from all tenants. If you select a tenant, only users of that tenant can view the events in this event view.
This option is available only if you are an administrator in a multi-tenant environment.
Chart Type: Specify the chart type in which you want to view the event data.
Y Axis: Select either of the following options:
Event Count: Displays a graph with number of events for the specified time range.
Event Count per Second: Displays a graph with event rate for the specified time range.
Time range: Select the time range for which you want to view the event data.
Display Interval: Select the time interval between two data points.
Click Save to save the event view configuration.
To view an event view:
Click Real-time Views > Events.
Select the event view and click Open the event view.
Sentinel provides a graphical representation of events for the specified criteria. The chart automatically refreshes after the interval specified in Display Interval.
As you are viewing event data, you can perform the following actions in the chart:
Mouse over the data points in the chart to view the number of incoming events or events per second for a specific timestamp.
Click any category in the legend to filter the view by the legend items.
Click and drag the mouse to zoom the view for a specific time range.
The event view enables you to view only the summarized event data. To view the event details or perform any event operations, you can do either of the following:
Click a specific area in the chart to open the Search interface with the list of events represented in that area.
Click Search Events.
For information about viewing event details and performing event operations, see Viewing Search Results and Performing Event Operations.