1. Logsign Support Center
  2. Logsign Unified SecOps Platform
  3. Security Analytics

Grouped Report Type

Updated

Grouped Report type allows you to group all the column results according to the query written on Search Bar. For example, if you want to see the IP addresses that make connections from inside network to outside, you can type the query as "Source.Position:in Destination.Position:out" and then select the grouped column as Source.IP. Now, you are able to see the network traffic of the IP addresses from inside to outside.

 

To create a Grouped Report, follow the steps given below:

1-As a first step, prepare the query for the report including the connections as shown in the example below. Then, click "+Report"140.png

 

2- Select Grouped Report and fill in the fields as given below:

141.png

Index Type: This tab is predefined as Log. If you want to create the report with index logs , you must set this type as Log. Also you can select Logsign Events to get Logsign web interface events. The column names will be changed according to the index type. The last option is offline. If you select offline, you can create report with reindexed logs from archive.

Time Column: This tab is predefined as Time.Generated column. If you select Time.Generated, your report use this column value as time.

Query: You can input your query in this tab. If you input your query on search section and click "+ create report" button, query will automatically fill as your query on search section.

Report Name: Enter report name.

Report Block: Select report block for report.

Grouped Column: The Grouped report structure will be configured by this column.

Rows Per Page: Determine show to rows per page.

Min Event Count: The minimum event count is the minimum number of logs that is collected at Logsign to be shown on the Logsign Interface. If the event is not accumulated less than certain number that you set, Logsign doesn't show these logs on the Logsign interface. For example, if you want show a web site that accessed more than 10 times, you set this field as 10. So the report will show the web sites that is accessed more than 10 times. Here, you are going to set this as 1 to see all the web site accessed at least once.

Graph Type: Here you have 3 types of graphs. You can select it as Pie, Bar or Line.

Filter Columns: Select which columns can use for filter.

Category: Select category for report.

Tags: Select tag for report. This is not a required field.

Compliance: Select compliance for report. This is not a required field.

 

3- Click Save button to see the report

142.png

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.