1. Do one of the following:
l In the Monitor view’s event grid, select the event row or field you want
to explore.
l In the Event explorer’s Event Details pane, event map, or event grid,
click the item or field you want to explore.
l In an explorer, select the data source you want to explore.
2. In the Explore menu on the Event grid, click nDepth.
The Explore >nDepth view appears, and the nDepth search box contains the event or event field you are exploring.
When you initiate an nDepth search from the Monitor view, nDepth automatically searches all hosts and sources for every instance of the selected event field that has occurred within a ten-minute period around the event you are exploring. This way, you can identify similar events that occurred before and after the event you are exploring.
The following table describes the key features of the Explore >nDepth view.
Name Description
History but- ton
Alternately hides and opens the History and Saved Searches panes.
History pane Shows recent Explore activity. This pane is shared between the Utilities view and the nDepth view..
Saved Searches pane
Lists any searches that you have saved. To begin using one of these searches, click it to run that search. You can edit, sched- ule, and save changes to your saved searches. You can also save variations on these searches as new searches.
nDepth explorer
Use this window to create and run your searches, and to view, explore, and respond to your search results.
Name Description
Undo/Redo Click the Undo button to undo your last action. You can undo up to 20 actions.
Click the Redo button to redo a step that you have undone. You can redo up to 20 actions.
Respond Use this menu to initiate a response to a particular event, event, or data field.
Explore Use this menu to explore a particular data field with another explorer.
Click the gear button to do any of the following:
l Click Save to save any changes to the current search. l Click Save As to save the search for later use.
l Click Schedule to create a scheduled search.
l Click Delete Schedule to delete a scheduled search. l Click Export to export nDepth's current search results to a
PDF document. Search bar Use the search bar to:
l Select the type of data you want to explore—event data
(default) or the original log messages.
l Select the mode for configuring searches—drag and drop,
or text entry.
l Configure and select the search's time frame. l Run the search.
l Stop a search that is in progress.
List pane The list pane is the “accordion” list on nDepth's left side. It contains categorized lists of items that you can use when configuring search conditions. To use a list item as a search condition, double-click it, or drag it from the list into the search bar. You can also drag these items into the Search Builder to
Name Description quickly configure complex searches. Two of these lists appear only in nDepth:
l The Refine Fields list categorizes and lists the primary
data details that are found in your nDepth search results. You can use these details to create, refine, or append nDepth searches.
l The Managers list includes each Manager and appliance
that can be used with nDepth for searching data.
Histogram Shows the number of events or log messages that were reported within a particular period. You can expand or reduce this period, as needed. You can also zoom in to a period to take a closer look, or zoom out to see high-level activity.
Explorer Shows different graphical and text-based views of your search results, as well as a Dashboard view and the Search Builder. You can click items in each graphical view to search for those specific items. The title bar states which view is open, and the icon on the title bar indicates which type of data you are exploring:
means you are exploring event data. means you are exploring log messages.
Toolbar Use to select the nDepth explorer view you want to work in.
Scheduled Saved Searches
Saved searches can be scheduled to run automatically whenever you want. Scheduled Searches can also be shared between users.
To schedule a Saved Search:
1. Select a Saved Search from the Saved Searches pane . 2. Click the gear button and select Schedule.
4. Select the Start Date of the search. 5. Select the Create an event checkbox.
6. If you wish to send email, select the Send email checkbox, and then select the recipients from the drop-down list.
7. Click OK.
Note: If the virtual appliance is offline for some time (such as more than a day or two), the schedules that are run when the virtual appliance first comes back online may not run at the expected time. The schedules run at the next expected time after the appliance has been back online for a time.