The Correlator report is a statistical report that can show whether and how strongly pairs of variables are related. Manually, Correlating the hundreds of logs is impossible. Although you have manually correlated logs and the correlation is fairly obvious your log properties may contain unsuspected correlations. To make a meaningful and expectable data from each logs, you may need to see the correlation from combination of each log's properties. In that respect, An Correlator report analysis can lead to a greater understanding of your data.
You can create report 2 different way; you can input your query in the search bar then click "+ Create Report" button on this section or you can go reports section then click "+ Report" button. We recommend you to before create your report, check your query with search section so you can view results of query.
1. Go to Search and build query strings.
2. Now, you can build a report based on the presented result. Click "+Report" under the Search bar.
3. Select "CORRELATOR" in the Report Type icons section and provide the required information. The description of fields is as below.
Report Type: Must be selected as CORRELATOR.
Index Type: This tab is predefined as Log. If you want to create the report with index logs , you must set this type as Log. Also you can select Logsign Events to get Logsign web interface events. The column names will be changed according to the index type. The last option is offline. If you select offline, you can create report with reindexed logs from archive.
Time Column: This tab is predefined as Time.Generated column. If you select Time.Generated, your report use this column value as time.
Query: You can input your query in this tab. If you input your query on search section and click "+ create report" button, query will automatically fill as your query on search section.
Report Name: Enter report name.
Report Block: Select report block for report.
Grouped Column: The fiducial value to will be correlated with multiple columns.
Min Event Count: Minimum event occurrence to update the report.
Multiple Columns: Sub-values that will be correlated with the Grouped column.
Multiple Column Row Count: Multiple column count that will be displayed
Filter Columns: Select which columns can use for filter.
Category: Select category for report.
Tags: Select tag for report. This is not a required field.
Compliance: Select compliance for report. This is not a required field.
4. Click Save button to create report.