Filter By Time; Use Only Firing Events; Maximum Number Of Rows Returned - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Queries
•
The number of bytes transmitted in sessions that contain events that meet the query criteria.
•
Most current results appear first.
•
Largest number of incidents appear first.

Filter By Time

•
The present time minus the number of days, hours, and minutes entered.
•
Absolute literal time ranges defined by the date to the minute.
•
Streams rolling real-time results from recent past to current time. Result Formats that work in real time
are:
Raw Messages, page
Real Time results appear in a normal browser window. Moving the scroll bar stops the "rolling"
behavior. Clicking the Resume button on the bottom of the page allows the scrolling to resume.
Figure 20-10
1
3

Use Only Firing Events

Select this if you want only events that fired incidents to return information.

Maximum Number of Rows Returned

Select the number of rows that you want displayed.
User Guide for Cisco Security MARS Local Controller
20-8
Bytes Transmitted
Time
Incident Count
Last
Start/End
Real Time
•All Matching Sessions, page
20-7.
Click the Resume Button to Start the Page Rolling
1 3
2 4
Top row visible
Total rows queried since start
20-7, •All Matching Events, page
2 Bottom row visible
4
Number of new queries pulled when this page
last refreshed per the Page Refresh Rate
setting on the Query/Reports > Batch Query
page.
Chapter 20 Queries and Reports
20-7, and •All Matching Event
78-17020-01