Table of Contents
Advertisement
4 Click Apply.
Clicking Apply saves the changes you made for the currently selected event tag in a temporary
buffer. If you don't click Apply, the changes you made to the previously selected event tag are
lost when you select a different event tag. Changes aren't saved to the server until you click
Save.
5 Click Save.
Clicking Save saves the changes to the server. The save function saves all changes stored in the
temporary buffer.
6 In order for changes to be visible in Sentinel Control Center, close and reopen any Sentinel
Control Centers that are running.
10.9 Report Data Configuration
The Report Data Configuration option allows you to enable and disable summaries or aggregate
tables in the Sentinel database. Enabling a summary allows aggregation to start computing the
counts for that particular summary and shortens the execution time for any report that uses the
summary table. Sentinel Top 10 reports use summary tables.
A summary is a defined set of attributes that make up the key for which to compute the number of
unique occurrences (event count) by each hour time period (event time). For
EventSevDestPortSummary, it saves the count of events for each unique combination of destination
port and severity for an hour. These saved computations of the event data allow for quicker
summary reporting and querying. Certain summaries need to be active in order for the summary
reports to be accurate.
Aggregation is the process of calculating the running count for all active summaries as events flow
through the system. These running counts are saved to the database in the summary tables.
Summaries Benefits:
Greatly reduced event data set
Conformed dimensions that allow the ability to drill down, roll up and drill across on event data
Summary reports run much faster with precomputed summaries
Aggregation Benefits:
Only processes active summaries
Does not affect event insertion into the real-time database.
254 Sentinel 6.1 Rapid Deployment User Guide
Advertisement
Table of Contents
