Video Screencast Help

Advanced Reporting in IT Analytics Symantec Endpoint Protection Content Pack

Created: 11 Dec 2012 • Updated: 22 Nov 2013
Language Translations
dprager's picture
+10 10 Votes
Login to vote

This section will dive into advanced report creation in IT Analytics Symantec Endpoint Protection Content Pack using Microsoft Report Builder to create and publish a SQL Server Reporting Services report.

Report Builder is a component of SQL Server Reporting Services that allows ad-hoc reporting functionality, enabling end users to build their own reports and charts. Users can then publish these reports into Reporting Services where they can be accessed, viewed and incorporated back into IT Analytics alongside existing reporting.

NOTE: Although the output produced by Report Builder is integrated with IT Analytics, the tools and subsequent query language behind it are separate Microsoft entities and are thereby outside the default capabilities of the IT Analytics product itself.

Creating a Custom Dashboard

In this example we will create a custom dashboard that displays the number of alerts by virus threat type.

  1. Within the Symantec Management Platform console, navigate to: Settings > Notification Server > IT Analytics, then click on Reports in the left menu tree, then click the Report Builder tab and then the Launch Report Builder button. 

  1. Allow a few minutes for the application to load. Note that depending on which version of SQL Server you have, you may have a different version of Report Builder. This example covers Report Builder 3.0, which comes standard with SQL Server 2008 SP2 or higher. Note that while SQL Server 2005 meets the minimum prerequisites for installation of IT Analytics, it will only include Report Builder 1.0. If possible, Symantec strongly recommends using SQL Server 2008 SP2 or higher to take advantage of new features included in Report Builder 3.0 for a more robust custom report authoring experience. 

  1. From the Getting Started screen, select Blank Report, then click on the report body and in the Properties pane, expand Size and set the Width to 11in and Height to 8.5in.

  1. Click on the text ‘Click to add title’ and type in Symantec Endpoint Protection Alerts Dashboard.

  1. In the Report Data pane, right-click on Data Sources and select Add Data Source.

  1. Enter ITAnalytics as the data source name and select the ‘Use a connection embedded in my report’ radio button.

  1. Click on the dropdown for ‘Select connection type’ and select Microsoft SQL Server Analysis Services.

  1. Click the Build button in the Data Source Properties window.
  2. In the Connection Properties window, enter . for the Server name, select IT Analytics as the database and click OK. This assumes you are running Report Builder on the same server where the SQL Analysis Server is hosted. If not, specify that server and add in the appropriate credential information. 

  1. Click OK in the Data Source Properties window.
  2. Right-click on Datasets and select Add Dataset.

  1. In the Dataset Properties window, select the ‘Use a dataset embedded in my report’ radio button, click on the dropdown for Data source and select ITAnalytics.

  1. Click the Query Designer button in the Dataset Properties window.
  2. Click the cube selector on the upper left part of the Query Designer.

  1. Select SEP Alerts from the Cube Selection window.

  1. In the Metadata pane of the Query Designer window, expand Measures > Alerts.

  1. Drag the Alerts measure to the query pane.

  1. Drag and drop the Virus – Threat Type attribute to the query pane.

  1. Click OK in the Query Designer window and the Dataset Properties window to go back to the main report builder window.
  2. Click on Insert in the report builder menu and select Chart and Chart Wizard.

  1. In the New Chart window, select DataSet1 and click Next.

  1. Select Pie under Chart Type and click Next.

  1. From Available fields, drag Virus___Threat_Type to the Series pane and Alerts to the Values pane and click Next.

  1. Select Generic under the Styles pane and click Finish.

  1. Right-click on Chart Title and select Title Properties.

  1. Change Title text to Alerts by Virus Threat Type or something appropriate and click OK.

  1. Right-click on the legend area and select Legend Properties.

  1. In the Legend Properties, set the following settings:
  • Layout:  Column
  • Legend position:  Bottom, centered

  1. Click OK.
  2. Select the chart and in the Properties pane, expand size and set Width to 5in and Height to 3in.

  1. Preview the report by clicking the Run Report button in the toolbar and make any other adjustments.

  1. After selecting the Run Report button you will be presented with a preview of your report with realtime data.

  1. Select the Design button on the toolbar to return to the Design view.

  1. Click the  icon in the Report Builder toolbar to save this report to Reporting Services IT Analytics folder and name it ‘Symantec Endpoint Protection Alerts Dashboard’.

  1. To link this report into the Altiris Console Open the Altiris Console from the shortcut on your desktop then navigate to the Reports > IT Analytics > Dashboards folder.
  2. Right-click on the Dashboards folder and select New > IT Analytics Report.

  1. In the Report Type dropdown box, select Dashboard.

  1. In the Report Name dropdown box locate and select the report you just saved and click the Add Report button.

  1. Refresh your browser and expand the Dashboards folder.
  2. Locate and select the report you just added.

 

 

Optional - Adding Another Chart to the Dashboard

In this example we will add an additional report to the dashboard created in above.

  1. In Report Builder, repeat steps 11 to 19 from exercise 4 to create another Dataset, but instead of using the measure, Alerts in step 17 and the attribute Virus – Threat Type in step 18, use Computers for the measure and Alert – Source for the attribute.

  1. Repeat steps 20 to 30 to create a second chart.  Use Dataset2 for step 21 instead of Dataset1.  For step 23, drag Alert___Source to the Series pane and Computers to the Values pane.  For step 26, name the chart Computers by Alert Source.

  1. Move the newly inserted chart to the right of the Alerts by Virus Threat Type chart by dragging the chart using the move icon on the upper left corner of the chart.

  1. Click the  icon in the Report Builder toolbar to save this report.
  2. Open the Altiris Console from the shortcut on your desktop then navigate to the Reports > IT Analytics > Dashboards folder.
  3. Locate and the report you just updated.

 

Optional - Add a Date Range Selector (Advanced)

In this example we will add a date range selector to the dashboard created above.

  1. In Report Builder, right click on the Datasets folder and select Add Dataset.
  2. Specify dFrom for the name and select Use a dataset embedded in my report then select your data source from the dropdown list.

  1. Click Query Designer then click the  icon.

  1. Replace the SELECT statement with this one and select OK:

WITH

MEMBER  [Measures].[Date] AS 'CDate(Format(DateAdd(‘d’, -90, Now()), ‘yyyy-MM-dd 00:00:00’))'

SELECT [Measures].[Date] ON COLUMNS

FROM [SEP Alerts]

  1. Right click on the Datasets folder and select Add Dataset.
  2. Specify dTo for the name and select Use a dataset embedded in my report then select your data source from the dropdown list.

  1. Click Query Designer then click the  icon.

  1. Replace the SELECT statement with this one and select OK:

WITH

MEMBER  [Measures].[Date] AS 'CDate(Format(Now(), ‘yyyy-MM-dd 00:00:00’))'

SELECT [Measures].[Date] ON COLUMNS

FROM [SEP Alerts]

  1. Right click on the Parameters folder and select Add Parameter.
  2. Enter pFrom in the Name field,  Start in the Prompt field and Date/Time in the Data type dropdown then click on Default Values.

  1. Select Get values from a query and enter select  dFrom as the Dataset and Date in the Value field, click OK.

  1. Right click on the Parameters folder and select Add Parameter.
  2. Enter pTo in the Name field,  End in the Prompt field and Date/Time in the Data type dropdown then click on Default Values.

  1. Select Get values from a query and enter select  dTo as the Dataset and Date in the Value field, click OK.

  1. Right click on dataset1 and select Query, then click .

  1. Replace the SELECT statement with this one:

SELECT NON EMPTY

{

                [Measures].[Alerts]

} ON COLUMNS,

NON EMPTY

{

                ([Virus].[Virus - Threat Type].[Virus - Threat Type].ALLMEMBERS )

} ON ROWS

FROM ( SELECT ( STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pFrom), ‘yyyy-MM-dd’) + ‘]’) : STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pTo), ‘yyyy-MM-dd’) + ‘]’) ) ON COLUMNS

FROM [SEP Alerts])

  1. Click on the Parameters button .
  2. Enter the Parameters indicated below and ensure the default values are specified, click OK.

  1. Click OK.

  1. Right click on dataset2 and select Query, then click  

  1. Replace the SELECT statement with this one:

SELECT NON EMPTY

{

                [Measures].[Computers]

} ON COLUMNS,

NON EMPTY

{

                ([Alert].[Alert - Source].[Alert - Source].ALLMEMBERS )

} ON ROWS

FROM ( SELECT ( STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pFrom), ‘yyyy-MM-dd’) + ‘]’) : STRTOMEMBER(‘[Alert Date].[Alert Date - Date].&[‘ + Format(CDATE(@pTo), ‘yyyy-MM-dd’) + ‘]’) ) ON COLUMNS

FROM [SEP Alerts])

  1. Click on the Parameters button .
  2. Enter the Parameters indicated below and ensure the default values are specified, click OK.

  1. Click OK.

  1. Click the  icon to save your report.
  2. Return to your dashboard in the SMP Console and adjust the date range to modify the result set (seen at the top of the report).