Sources of events are displayed in the table under Sources status → List of event sources. Data is updated once every minute, and one page can display up to 250 sources. You can sort the table by clicking the column header of the relevant setting. You can use the Search field to search for sources of events. Clicking on a source of events opens an incoming data graph.
The following columns are available:
Status—status of the event source:
Green—events are being received within the limits of the assigned monitoring policy.
Red—the frequency or number of incoming events goes beyond the boundaries defined in the monitoring policy.
Gray—a monitoring policy has not been assigned to the source of events.
The table can be filtered by this setting.
Name—name of the event source. The name is generated automatically from the following fields of events:
DeviceProduct
DeviceAddress and/or DeviceHostname
DeviceProcessName
Tenant
You can change the name of an event source.
If the source name is longer than 128 characters, you cannot assign a policy to it or delete it. It is possible to export its data to CSV (see below).
Host name or IP address—host name or IP address from which the events were forwarded.
Monitoring policy—name of the monitoring policy assigned to the event source.
Stream—frequency at which events are received from the event source.
Lower limit—lower boundary of the permissible number of incoming events as indicated in the monitoring policy.
Upper limit—upper boundary of the permissible number of incoming events as indicated in the monitoring policy.
Tenant—the tenant that owns the events received from the event source.
If you select sources of events, the following buttons become available:
Save to CSV—you can use this button to export data of the selected event sources to a file named event-source-list.csv in UTF-8 encoding.
Apply policy and Disable policy—you can use these buttons to enable or disable a monitoring policy for a source of events. When enabling a policy, you must select the policy from the drop-down list. When disabling a policy, you must select how long you want to disable the policy: temporarily or forever.
Remove event source from the list—you can use this button to remove an event source from the table. The statistics on this source will also be removed. If a collector continues to receive data from the source, the event source will re-appear in the table but its old statistics will not be taken into account.