Correlation screens

The Correlation application processes the raw message data received by the Messages application. The correlation screens permit you to establish associations between messages by creating Threads that consist of messages related by simple or complex match patterns, possibly controlled by Triggers. The counters of these threads can then be alarmed through the Alert facility that causes syslog messages to be sent back to the messages application for further correlation. (Alerts are discussed in the next section.)

The Threads screen permits you to define arbitrary groups of messages using simple or complex expressions, identifying these messages by a user-defined Thread Title. The operator can define, edit, or delete threads to organize the incoming data. To view the messages related to a thread, you can click the thread title hyperlink.

The Correlation application also contains a Config tab that provides general utility in configuring the various elements of the correlation process. Detailed information regarding correlation techniques and usage can also be found in Advanced-correlation-using-actions.

This section provides information about the following topics:

Related topic

Using-the-BMC-Defender-Server-interface


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*