Creating a Report or Baseline Report
Creating a report or baseline report is like creating a structured historical search, because you set the Conditions and Group By attributes that will be used to process the report data, and specify Display Fields to use in the report summary.
- Log in to your Supervisor node.
- Go to Analytics > Reports, and select the category for your new report.
Select Baseline for baseline reports.
- Click New.
- Enter a report Name and Description.
- For baseline reports, select Anomaly Detection Baseline.
- Enter the Conditions to use in your report.
See Selecting Attributes for Structured Searches, Display Fields, and Rules and Using Expressions in Structured Searches and Rules for more information on setting conditions. For creating baseline reports, see Baseline Reports for information on how to use the STAT_AVG and STAT_STDDEV functions in creating expressions for baseline reports.
- Select the Group By attribute to use in processing the search results.
The topic Example of How a Structured Historical Search is Processed explains how the Group By attribute is used in search results.
- Set the Display Fields to use in your search results.
See Selecting Attributes for Structured Searches, Display Fields, and Rules for more information on using event attributes in display fields.
- Click Save.
Your report will be saved into the selected category, and you can now run it or schedule it to run later.
Related Links
Creating a Structured Historical Search
Selecting Attributes for Structured Searches, Display Fields, and Rules
Example of How a Structured Historical Search is Processed
Using Expressions in Structured Searches and Rules Baseline Reports