Use the explorer utilities in SEM to search or analyze nDepth query results

This section describes how to open the explorer utilities in SEM. The explorer utilities are available from Monitor view, the Explore > nDepth view, and the Explore > Utilities view.

About the explorer utilities

SEM includes the following explorer utilities:

  • Event
  • nDepth
  • NSLookup
  • Whois
  • Traceroute
  • Flow

See Utilities view in the SEM console for documentation about each explorer. For the Flow utility, also see Collect and view NetFlow and sFlow data in SEM.

Use these explorers to investigate event details in your nDepth search results. For example, you can investigate a suspicious IP address with the NSLookup, Traceroute, or Whois explorers to better understand who the IP address is assigned to.

Open the explorer utilities from the nDepth view to investigate event details

  1. Run a search in nDepth. See Search normalized data using nDepth search in SEM or Search raw log messages using nDepth search in SEM for help.

  2. Select a results entry, and then click the Explore menu to choose an explorer utility.

  3. Type the event details into the appropriate explorer field, and then click Search or Analyze (depending on the type of explorer you chose).

Open the explorer utilities from Monitor view or the Utilities view

You can manually explore an IP address, host name, or domain name by opening an explorer in Monitor view or the Utilities view.

  1. Open the SEM console. See Log in to the SEM web console for steps.

  2. On the SEM toolbar, navigate to Explore > Utilities, or click Monitor.

  3. To choose an explorer utility, click the Explore menu in the upper-right corner.

  4. Type the event details into the appropriate explorer field, and then click Search or Analyze (depending on the type of explorer you chose).