The reporting service provides reports that you can use to visualize, measure performance, and adjust settings to optimize your use of report. Reports are written for different purposes. They therefore contain different information and structures, and these form the outline of the report. The table below shows the sections commonly found in these types of reports.
Report Types - Correlator Report
The Correlator report is a statistical report that can show whether and how strongly pairs of variables are related. Manually, Correlating the hundreds of logs is impossible. Although you have manually correlated logs and the correlation is fairly obvious your log properties may contain unsuspected correlations. To make a meaningful and expectable data from each logs, you may need to see the correlation from combination of each log's properties. In that respect, An Correlator report analysis can lead to a greater understanding of your data.
Build a Correlator report
There are two ways to build a report. One way is to build a report based on the result on Search class and the other way is to directly build a report on Report class. However, we recommend you to build a report in the former way because before building a report, you can check whether the result of query is proper.
1. Go to Search and build query strings.
2. Now, you can build a report based on the presented result. Click "Build Report" under the Search bar.
3. Select "CORRELATOR" in the Report Type icons section and provide the required information. The description of fields is as below.
Report Type: Must be selected as CORRELATOR.
Index Type: This field is automatically set as Log when you click on Build Report button. Here, If you want to create the report with the logs of the registered source in device list, you must set this type as Log. You can select Captive Portal to get the results of hotspot events, Alerts to get alert events, and Logsign Events to get Logsign web interface events. The column names will be changed according to the index type.
Time Column: This is already specified as Time.Generated. This is one of time attributes that log will be shown up on the Logsign interface.
Query: It will be automatically specified too, as we create the report with the query that we typed on Search bar. You can change this query here, or type it manually.
Report Name: Type the name of our report.
Report Block: A container which this report will be saved.
Grouped Column: The fiducial value to will be correlated with multiple columns.
Min Event Count: Minimum event occurrence to update the report.
Multiple Columns: Sub-values that will be correlated with the Grouped column.
Multiple Column Row Count: Multiple column count that will be displayed
Filter Columns: We must select the filter columns here to summarize and look the only results that you want to see from all kind of log information.
Profiles: In this field, we can select the report profiles that we created before in Settings > Delegation > Report Profiles. By adding the profiles, the only users that have these report profiles will be able to see this report results. This is not a required field.
Category: You can select and assign this report to a category to view it quickly later by using these categories. Here you can select it as Custom/My Report.
Compliance: You can select and assign the global standarts for your report such as FISMA, ISO27001, SOX etc. This is not a required field.
4. After you click "SAVE", you will see the result as below.