Using and Creating All Index Reports

Use the All Index Reports screen to view a list of all saved searches for specific types of data based on search expressions and time intervals you defined.

You can use these results to verify information found in your reports.

The results provide the number of hits for each selected search filter, which you can view in a table or a graphical chart. From the table, you can drill down to view the specific hits for a filter in detail, similar to Index Search results.

Procedure

  1. From the Search menu, select the All Index Reports submenu.
  2. Click Create Report to open the Properties window.
  3. Select log sources from the right-hand pane. You can select sources by Appliance, and filter returns by Name, IP Address, Group or Type.
    • If you picked “Name”, enter a Source Name, a specific Device Name or a Name Mask. Wildcards are accepted in this field.
    • If you picked “Collector Domain”, enter the name of the Collector Domain. This is the name used to identify each message sent from a specific device.
    • If you picked “IP Address”, enter a Source IP Address, a specific IP Address or an IP Address Mask. Wildcards are accepted in this field.
    • If you picked “Group”, enter a Group Name, or click the down arrow to the right of the text field and select “All” or one of the other Group names displayed in the drop-down box.
    • If you picked “Type”, enter a Source Type (a specific device type), or click the down arrow to the right of the text field and select “All” or one of the other Device Types displayed in the drop-down box.
  4. Click <<Add as a rule, and enter a name in the text field of the dynamic rule pop-up.
  5. Click OK to add the selected source and filters to the left-hand pane.
  6. In the right-hand pane, select a device name (or names) from the list by clicking its name.
  7. Click <<Add selected log sources to add devices from the selected source to which you want to apply the filters when running the report.
  8. Click Columns and Filters to select the columns for your report and choose filters for your results. Click in the field under the Value column and enter a term for the filter (such as login, id, and so on). Then click in the field under the Operator column and pick an operator from the drop-down.
    Click Apply. The selected operator and value move to the left-hand column.
  9. Click Index Report Search Selections to select from the available expressions to be used in the report. If none are available, click New Expression... to add a new Boolean search expression for use in any Index Report.
  10. In the Add Search Expression... popup that appears, enter Name, Description, Expression, and then click Sharing to define whether others can use or modify the new filter. Click Save.
    Note: Do not use < or > in your search expression as these are not valid characters.
  11. Place a checkmark next to the new search expression and click << Apply Selections to add it to the left-hand pane for use in filtering your report. Then click Save As >.
  12. Enter a name and description of the report in the pop-up. Select Share with others if desired. Click Save & Close. The new report appears in the list of all saved Index Reports.
  13. Click in the Name field and enter a term to search for entries in the Saved Reports list. Press Enter. Any matching term found in the list of report titles is highlighted; reports that do not contain the search term are no longer shown in the list of Saved Reports. Clear the search term in the Name field and press Enter to see all Saved Reports again.
  14. Click the Run icon in the Actions column. The Date and Time Range Picker pops up, with Last Hour as the default setting. Click the down arrow next to Last Hour to reveal several other options (Last 2, 3, 6, 12, 18, or 24 Hours; Today; Yesterday). Select the timeframe from the Date and Time Range Picker and click Run again to execute the report.
    On the results page, click Display Chart. Both Pie and Bar charts are available. The chart segments can be highlighted by moving the mouse pointer over them. Right-clicking on the chart or segments opens a print menu.