You can create a new report definition based on the report definitions included in existing Sentinel reports or from those reports you imported to the system.
NOTE:You cannot create a report from a user created report.
You can create a report by using the desired parameters such as a From and a To date, add additional criteria to the existing report, and save the report definitions with a unique name.
Use the following procedure to create a report:
Log in to the Sentinel Web interface as a user with the Manage Reports permission.
In the panel, select the report definition from which you want to create a new report.
Click .
To create a report, specify the following parameters:
|
Parameter |
Description |
|---|---|
|
Report name |
Specify a unique name for the report. The name should not exceed 200 characters. |
|
Based on |
Select the base report from which you want to create the report. You can view a sample report by clicking the button. |
|
Description |
Sentinel automatically displays the description based on the report you selected. You can edit the default description. |
|
Criteria |
Sentinel automatically populates the criteria based on the report you selected. This criteria is not editable. |
|
Additional Criteria |
Specify additional search criteria to the existing criteria. To define additional criteria click . To define criteria from available system objects containing criteria, click . The criteria that you define here is appended to the existing criteria. |
|
Targets |
Select the source computers on which you want to run the reports by clicking the link. You can select the targets only if Sentinel is configured for distributed search. For more information, see |
|
Additional Criteria |
Specify additional criteria to refine the results. The criteria that you specify here can be edited while scheduling the report. If you specify , Sentinel displays the name at the end of the report results. NOTE:This parameter is not available for all reports. |
|
Time Zone |
Specify the time zone with which you want to populate the report. When you schedule the report, Sentinel displays this time zone in the report data. For example, if the time zone is set to US/Pacific-New time, the report data displays the selected time zone. By default, it displays the time zone that is set in the client system. NOTE:This parameter is not available for all reports. |
|
Date Range |
If the report includes time period parameters, choose the date range. All time periods are based on the local time for the browser. The and the automatically change to reflect the option you selected.
|
|
Group By |
Group the events according to specific event field by selecting the event field from the drop-down list. NOTE:This parameter is not available for all reports. |
|
Language |
Select the language in which you want the report labels and descriptions displayed. The possible values are English, French, German, Italian, Japanese, Traditional Chinese, Simplified Chinese, Spanish, or Portuguese. The default value is the language with which the current user logged in, if that language is supported by the report. If the report does not support the language, the report’s default language (typically English) is used. Sentinel displays the data in the report in the language that was originally used by the event source. |
|
Email to |
Specify an e-mail address in the field. If you want to email the report to more than one user, separate the e-mail addresses with a comma. |
|
Result limit |
Specify the number of results you want Sentinel to display or store when you schedule the report. By default, 1000 results are stored. If you specify a value in field, the result limit is based on grouping. |
Click .