How to Create a Summarization Rule
You can use summarization rules to combine certain native events of a common type into one refined event. This lets you save space in your event log store and simplifies event analysis.
For example, you might create a summarization rule that records a single refined event for every three failed login attempts by a single user. This means that your event log store records only one event rather than three.
The process of creating or editing a summarization rule using the summarization rule wizard has the following main steps:
- Opening the summarization rule wizard.
- Summarization Thresholds - Setting the number or frequency of native events that you want to make up a summarized event.
- Event Selection - Identifying an event to summarize, using the CEG normalization attributes and optional advanced filtering.
- Summarization - Controlling how the final summarized event will be presented in your reports.
Note: Once you have created a summarization rule, you must apply it to make it available for use in your environment.
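The following added example is a conceptual sketch of what a summarization rule does to an event stream, built around the three-failed-logins case above; it is not the product's code. The field names (`user`, `action`, `result`, `src`, `ts`), the 60-second window, and the choice to flush partial groups when the window expires are assumptions made for illustration.

```python
from collections import defaultdict

THRESHOLD = 3        # native events per summarized event (the page's example)
WINDOW_SECONDS = 60  # assumed timeout after which a partial group is flushed

def matches(event):
    # Event selection: hypothetical field names standing in for CEG attributes.
    return event["action"] == "login" and event["result"] == "F"

def summarize(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return the records that would reach the event log store."""
    stored = []
    pending = defaultdict(list)  # user -> buffered native events

    def flush(user):
        group = pending.pop(user)
        # Keep count, time span and sources so analysts retain context
        # that would otherwise be lost when events are collapsed.
        stored.append({
            "action": "login", "result": "F", "user": user,
            "summarized_count": len(group),
            "first_seen": group[0]["ts"], "last_seen": group[-1]["ts"],
            "sources": sorted({e["src"] for e in group}),
        })

    for event in sorted(events, key=lambda e: e["ts"]):
        # Flush any group whose window expired before this event arrived.
        for user in [u for u, g in pending.items() if event["ts"] - g[0]["ts"] > window]:
            flush(user)
        if not matches(event):
            stored.append(event)  # non-matching events pass through unchanged
            continue
        pending[event["user"]].append(event)
        if len(pending[event["user"]]) >= threshold:
            flush(event["user"])
    for user in list(pending):    # end of stream: flush partial groups
        flush(user)
    return stored

# Constructed sample events (not taken from any real log).
SAMPLE = [
    {"ts": 0,   "user": "alice", "action": "login", "result": "F", "src": "10.0.0.5"},
    {"ts": 5,   "user": "alice", "action": "login", "result": "F", "src": "10.0.0.5"},
    {"ts": 7,   "user": "bob",   "action": "login", "result": "S", "src": "10.0.0.9"},
    {"ts": 9,   "user": "alice", "action": "login", "result": "F", "src": "10.0.0.7"},
    {"ts": 20,  "user": "carol", "action": "login", "result": "F", "src": "10.0.0.8"},
    {"ts": 200, "user": "carol", "action": "login", "result": "F", "src": "10.0.0.8"},
]

if __name__ == "__main__":
    for record in summarize(SAMPLE):
        print(record)
```

Six native events become four stored records here. The summarized record for `alice` still shows that the failures came from two source addresses, which is the kind of detail to preserve when deciding how the summarized event is presented.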
More information:
Open Summarization Wizard
Set Summarization Thresholds
Configure a Summarization Display
Using Advanced Filters
Apply a Suppression or Summarization Rule
Copyright © 2013 CA.
All rights reserved.