Modifying the format of the event details table

Each column in the event details table represents one field from the event record. You can add, delete, and reorganize the columns in the table.

Note:
An event record may include several date fields. Most events have a single event date, which is the time when the event occurred (not the date when Information Manager captured the event). In this case, the Event Date value and the Ending Event Date value are identical.

If an event represents an aggregation of activity that takes place over a period of time, Event Date is the beginning of the time period, and Ending Event Date is the end time.

Occasionally the event service registers an event with an incorrect Event Date or Ending Event Date. In these cases, Information Manager corrects the times in these fields and inserts the original (incorrect) times in the Original Event Date and Original Ending Event Date fields.

To add, delete, and organize table columns

1. Right-click on a column heading, and then click Add Column.

   The Column Filter dialog box appears. The Selected Columns box shows all of the fields that are currently in the table.

   Occasionally a collector sends data to Information Manager that does not correspond to any fields that are defined in the existing schema. When this occurs, the Column Filter dialog box displays the raw field name from the collector, for example bugtraq_ids. This may also occur if a collector's SIP is not installed on the appliance.

2. Do any of the following actions:

   • To add a column, click a field name in the Available Columns box, and then click Add. You may also use the Ctrl key to select multiple field names, and then click Add.

   • To add all of the available columns, click Add All.

   • To delete a column, click one or more field names in the Selected Columns box, and then click Remove.

   • To delete all of the columns, click Remove All.

   • To change the position of a column, click a field name and then click Move Up or Move Down until the name is in the desired position. You can also click Move To Top or Move To Bottom.

3. When you finish making changes, click OK.

   The changes appear in the event details table.

Now that you have modified the event details table to display the data that you want, you must save it as a query if you want to see the same data and the same format the next time you log in to Information Manager.

To save the modified table format

1. After you finish modifying the table format, click the Save View icon above the table.

2. Type a query name, and then click OK.

   The query is saved in the My Queries folder in the left pane. The next time you log in to Information Manager, you can select that query, and the table format will be the way you modified and saved it.