Documentation for Security Event Manager

Filter and monitor events in Live Mode

Switch the SEM Events Console to Live Mode to monitor events as they occur in your environment. This is particularly useful when troubleshooting active network problems. You can apply "live" filters to target and identify issues using the Filters pane and Live filter keywords, and then conduct a historical log search for additional event analysis.

Live Mode also reconciles device polling gaps by processing and correlating a consistent stream of log event data.

  1. In the SEM Events Console, switch to Live Mode.
  2. In the Filters pane, select an event filter.
  3. In the Live Filter field, enter one or more keywords. The Live filter updates the event stream as you type. Do not click the Historical Search button.

Live events continue to stream into the viewer table, but only records meeting the defined search criteria are visible. Adjust the filters and keywords at any time to monitor different event groupings.

  4. Click an individual event in the event stream to view additional information in the Event Details pane.

As you scroll through the event log table or select an individual event, the console enters Paused Mode, so new events will not stream into the viewer until you return to Live Mode. However, when you are in Paused Mode, the number of new live events matching your filter criteria appears next to the selected search filter.

You can also move out of Live Mode and apply the same search criteria to your historical records for additional reference.

The SEM Events Console supports the * wildcard for real-time and historical searches.