Previous Topic: Useful CustomizationsNext Topic: Incoming or Outgoing E-mails

iConsole User GuideSearching for EventsCustomize a SearchUseful CustomizationsBulk Audit Duplicate Events

Bulk Audit Duplicate Events

Often, the same events are ingested into the CMS from multiple Policy Engines, and are displayed as multiple duplicate rows in the iConsole. You can customize a standard search to list duplicate events with specific criteria, and group these duplicates together.

A de-duplication search saves you the effort of identifying and handling duplicate events. You create and run your custom search, select a parent event, and apply audit actions (including print, review, escalate) to its child events in bulk.

Follow these steps:

  1. Go to the Review tab and click the Searches link.

    The Searches page lists the available searches.

  2. Click the Actions button on the Standard Search.
  3. Click Edit Properties create a customized Standard Search.

    The Search Properties screen displays.

  4. Open the Settings tab.
  5. Specify Rollup Key search criteria by selecting one or a combination of the following Available Items:
    Time Stamp

    Lists similar events with the same time stamp as duplicates.

    Subject

    Lists similar events with the same subject as duplicates.

    Users

    Lists similar events with the same user as duplicates.

    Policy ID

    Lists similar events with the same Policy ID as duplicates.

    Pre-Defined (From Database)

    Lists events that match on EventTimeStamp +/- 30 sec, subject, sender, and trigger count. This pre-defined search requires you to create a custom scheduled task to identify duplicate groups of events, and to insert those groups of records into the Wgn3RelatedEvent table.

  6. (Optional) Specify other search criteria for your standard search.
  7. Click Save, and enter a name and description.

    Your custom de-duplication search is added to your Searches list.

More information:

Available Searches