Documentation for Security Event Manager

Filter and monitor events in Live Mode

Switch the SEM Console to Live Mode to monitor events as they occur in your environment. This is particularly useful when troubleshooting active network problems. You can apply "live" filters to target and identify issues using the Filters pane and Live filter keywords, and then conduct a historical log search for additional event analysis.

Live Mode also reconciles device polling gaps by processing and correlating a consistent stream of log event data.

  1. On the SEM Console, go to Live Events.
  2. Toggle to Live Mode.
  3. In the Filters pane, select an event filter.

  4. In the Live Filter field, enter one or more keywords. The Live filter updates the event stream as you type.

Live events continue to stream into the viewer table, but only records meeting the defined search criteria are displayed. Adjust the filters and keywords at any time to monitor different event groupings.

  5. Click an individual event in the event stream to view additional information in the Detail pane.

As you scroll through the event log table or select an individual event, the console enters Paused Mode, so new events will not stream into the viewer until you return to Live Mode. However, while you are in Paused Mode, the number of new live events matching your filter criteria appears next to the selected search filter.

The SEM Console supports the * wildcard for real-time searches.