SSIM Event Query - Column Profiles/Templates

Created: 28 Mar 2013
JH-Analyst

Almost every single time I perform an event search in SSIM, the columns visible in the table are excessive or in a strange order that makes the output confusing and a pain when viewed as a CSV. When performing this task dozens of times per day, you can see how it is unreasonable to re-configure the columns for every search.

I have also considered the option of creating pre-built published queries that already have the columns I would like for specific "types" of searches, such as user activity, host activity, etc. The downside is that in order to use them, you have to switch to the Event tab and select them, change the criteria to the desired scope (user, host, etc.) and then perform the search. Many times, I right-click a user or host and select "Search Activity" to speed up the search query, which eliminates the chance of using a published template.

Idea - Create pre-defined profiles of columns AND their order

What if, instead, the ability existed to create "Column Profiles" that you could access by a button on any of the event search table views (similar to the columns button itself) and select a pre-defined profile or template of columns? These custom column configurations could be used at any time, and from any search task. I am dying for a feature such as this, but if anyone has techniques they use for this similar problem, please do share.

I've been considering how to modify the properties files or customize things in other ways in order to achieve similar results, but have been unsuccessful.