This topic provides the following information for adding views and seeing a graphical display of the event data.

Understanding views

The Views tab allows you to add multiple summarization charts related to multiple search queries in one page. This tab helps you to view various trends in your event data at a glance. You can use views in various ways. For example, you can create a separate view page for each application and then add summarization charts on that page.

A view is made up of four equally sized quadrants called viewlets. These viewlets contain charts that summarize the results of a particular saved search query. You can add four summarization charts (viewlets) at the same time to a single view.

The Default view page is available by default on the Views tab. You can add more view pages to the Views tab by clicking Add new view next to the Default view page, or you can add them when you are adding a saved search to the view. You can edit and delete view pages and reload viewlets on the view pages, but you cannot delete the Default view page. You can also edit, delete, and reload individual viewlets that have been added to a particular view page.

Saved searches are the building blocks for creating views. You cannot create a view on the basis of a saved search that is shared by other users. However, you can clone the saved search and then use the cloned copy to add a notification. For more information, see Managing saved searches.

Views that you create can be shared with other users by exporting them as part of a content pack. Views imported by using a content pack cannot be edited or deleted. For more information, see Managing content packs.

The following figure shows a view page with four viewlets (carrying various summarization charts) and details about the first viewlet (on the top left):

Views

Before you begin

Create the saved search that you want to use to add a view. For more information, see Managing saved searches.

Adding views to display saved search results as a chart

You can add views to see a graphic representation of the saved search results for data monitoring purposes. The graphic representation is available in the form of various charts, for example, bar diagram, pie chart, line chart, and so on.

Note

If your saved search string includes a search command that provides tabular outputs (for example, the timechart command), the option to represent the search results in the form of a chart is unavailable.

For more information about tabular commands, see Search commands.

Adding the saved search results (summarized as a chart) to a view page is the same as adding a viewlet to the view page. A viewlet is one of the four quadrants that appear on a page, and you can use it to display the summarization chart for a particular saved search.

You can add a viewlet summarizing the saved search results on a view page in two ways: by using the Views tab or by using the Cabinet > Saved Searches tab.

Note

By default, a viewlet provides details about search results displayed on the Search tab within one minute.

To change this time limit, add the indexing.psJobGetMoreTimeoutInmsec property to the searchserviceCustomConfig.properties file. This property defines the time limit (in milliseconds) after which the search (including notifications and views) times out. For more information, see Modifying the configuration files.

To add a viewlet from the Views tab

  1. On the Views tab, perform one of the following actions:
    • Navigate to one of the existing view pages, and click one of the four quadrants where you want to summarize the search results of a saved search as a chart.
    • Add a new view page by clicking the Add new view icon next to the Default view page, provide a view name, click Create, and then click one of the four quadrants where you want to add a saved search summarization chart.
  2. Provide the following details and then click Create:
    • Viewlet Name: Provide a title for the summarization chart that you want to add in the viewlet.
    • Saved Search: Type or select the saved search for which you want to summarize search results in the form of a chart.
    • Search String: Displays the search string corresponding to the saved search selected.
    • Summarization Field: Select the field name or tag name by which you want to summarize your search results data in the viewlet.
    • Chart Type: Select one of the following chart types to summarize your search results:

      • Bar
      • Column
      • Doughnut
      • Line
      • Pie

To add a viewlet from the Cabinet > Saved Searches tab

  1. Navigate to Cabinet > Saved Searches.
  2. Select the saved search that you want to add to the view, and click Add to View.

    Note

    You cannot add a saved search to a view in the following scenarios:

    • If the saved search has a custom time context, because this type of saved search provides absolute results.
    • If the saved search was shared by other users and not created by you.
    • If the saved search contains a search query that uses the stats command without the group by parameter. Creating a viewlet for such a query does not provide meaningful representation of data.
      For example, in the following search query, there is no field specified to group the search results.
      * | stats count(HOST)

    However, you can use a saved search shared by another user for creating a view after cloning the saved search.

  3. On the Add to View dialog box, provide the following details:
    • Summarization Field: Select the field name by which you want to summarize your search results data in the viewlet.
      This field displays a list of fields available in the Filter Pane on the Search tab and all the tags available in the system. You can add more fields to this list by adding them to the My Fields panel on the Search tab. If the saved search contains a search query that returns tabular output (for example, the timechart and stats commands), then the fields displayed in the list are derived from the tabular data.
    • Chart Type: Select one of the following chart types to summarize your search results:

      Note

      The pie and doughnut charts are not supported for saved searches that return tabular output (for example, searches that use the timechart command).

    • View: Select one of the existing views (view pages) to add the search results data to that view. If you want to add the search results data to a new view, create the view by selecting Create new and providing a name for the view in the View box.
    • Viewlet Name: Provide a title for the summarization chart that you want to add in the viewlet.
    • On the Location grid, click the box in which your search results are to be displayed.
      If a viewlet is already plotted on one of the four boxes, then the viewlet name appears on that box.
    • Click Add.
      You can see the saved search details summarized in the form of a chart on the Views tab (on the specified view page).

For more information about saved searches, see Managing saved searches.

Actions available for views and viewlets

The following list describes the various actions that you can perform on views and viewlets on the Views tab:

Views

  • Add a view: Click the Add new view icon next to the Default view page.
  • Reload all viewlets in a view: Navigate to a view and click Reload all viewlets at the top of the page.
  • Rename a view: Navigate to a view, click Rename view at the top of the page, provide the new view name, and click Update.
  • Delete a view: Navigate to a view, click Delete view at the top of the page, and click Yes to confirm the action.

Viewlets in an existing view

  • Refresh a viewlet: Navigate to a view, and on a viewlet, click Refresh Viewlet to refresh the data displayed on the summarization chart.
  • Edit a viewlet: Navigate to a view, on a viewlet, click Edit Viewlet to edit one or more of the following details related to that viewlet, and then click Update:
    • Viewlet Name: The title of the viewlet.
    • Saved Search: Select a saved search from the list. When you select a saved search, the search string related to that saved search automatically appears in the Search String box. You cannot modify this search string unless you modify the saved search.
    • Summarization Field: Select a field by which you want to summarize the search results.
    • Chart type: Select one of the chart type options (for example, bar diagram, pie chart) to summarize the search results. For more information, see Chart types.
  • Delete a viewlet: Navigate to a view, and on a viewlet, click Delete Viewlet to delete that viewlet from the current view.
  • Change the time context of the viewlet and view the viewlet execution details: Navigate to a view, and on a viewlet, click the time range list, and then select one of the following options:
    • Last 5 minutes
    • Last 15 minutes
    • Last 60 minutes
    • Last 6 hours
    • Last 24 hours
    • Last 2 days
    • Last 7 days
    The viewlet execution details (starting and ending date and time) are displayed next to the time range list.