Administration Guide › Queries and Reports › About Queries and Reports

About Queries and Reports

You can use queries in the following ways:

• You can run a query to view event or incident data in near-real time.
• You can select a predefined report to view results of multiple related queries.
• You can create a report composed of queries you select.
• You can use prompt queries to search for specific preselected information.
• You can schedule queries to run on recent data as action alerts that notify responsible parties through email. Action alerts are also added to an RSS feed that can be viewed using third-party readers.
• You can create your own queries for viewing, reporting, or creating action alerts.

There are two types of queries and reports:

• Subscription queries and reports are predefined by CA and come with the CA Enterprise Log Manager application at installation or are added with a subscription update.
• User queries and reports are those created by a user. You can create a query or report from scratch or you can create one based on a subscription query or report that you want to modify.

CA Enterprise Log Manager offers a comprehensive list of queries and reports by subscription. If you are assigned a role of Auditor, Analyst, or Administrator, you can view all Subscription queries and reports. In addition, you can take the following actions on any subscription query or report you are viewing:

• Refresh the displayed data
• Edit local filters to hide the data you do not want to view.
• Clear the local filters to re-display the unfiltered query or report.
• Add the displayed query or report to your list of favorites.
• Print the query
• Change the option to show the selected query or report
• Close the displayed query or report

Only users who are assigned a role of Analyst or Administrator can take the following actions:

• Create a new User query or report from scratch
• Copy a subscription query or report and use it as the basis for a User query or report.
• Edit a User query or report
• Export a User query or report
• Delete a User query or report
• Save changes to the selected User query or report
• Import a User query or report definition

Example of Queries and Related Report

Consider the query tag Firewall Activity by DMZ. Notice that it is associated with six separate queries on this topic.

The queries you view on the query list are used in reports. From the Reports tab, you can display a report called Firewall Activity By DMZ.

The following illustration shows just the names. Notice that each name reflects one of the six queries in the report. Most reports include query results for summary, trend, and detail.