Viewing catalog statistics
You can use the catalog statistics tab to view statistics for a selected message catalog. The statistics are displayed in a graph with the number of messages generated over a specified duration. The statistics are generated from the auto-learn function, which runs during the nightly maintenance cycle. The data is updated daily with the messages for the previous day. Although real-time observation of message statistics is not possible, you can perform a trend analysis of the messages over any period for which the data is available.
To view catalog statistics
To view catalog statistics, perform one of the following steps:
- To view device message statistics, click the IP address hyperlink from any tab in the product, and click All Messages For Device.
- To view user message statistics, navigate to Messages > Catalogs > Users, click the required user, and click All Messages For User.
- To view Windows event message statistics, navigate to Messages > Catalogs > WinEvts, and click the required event.
- To view facilities message statistics, navigate to Messages > Catalogs > Facilities, and click the required facility.
- To view severities message statistics, navigate to Messages > Catalogs > Severities, and click the required severity.
- To view thread message statistics, navigate to Correlation > Threads, and click the required thread.
Click View Catalog Statistics.
(SPE2207) The following image displays an example of the Severity Catalog Statistics tab:
To modify the time range
To see a specific range of catalog statistics, modify the following fields:
Field | Action |
---|---|
Start Date | Enter the start date and time of the messages. |
End Date | Enter the end date and time of the messages. |
Group By | (SPE2207) Group messages by seconds, minutes, hours, days, months, or years. (Earlier than SPE2207) Group messages by seconds, minutes, hours, or days. To prevent the product from displaying an overwhelming amount of data, limit the duration (the period between the Start Date and End Date, including time). The following limitations are applicable to the Group By options: Months and years do not have duration limitations. |
Click Apply.
Examining total statistics
In addition to a graphical representation of the message rates, the following statistics are also generated:
Statistics | Description |
---|---|
Total Messages | Total number of cataloged messages for the selected period |
Coverage | Percentage of intervals in the selected period that contain messages, indicating how frequently a catalog type occurs |
All Intervals | Data for all intervals in the selected period, including the intervals that do not have any message catalog |
All Non-Zero Intervals | Data for all intervals in the selected period, excluding the intervals that do not have any message catalog |
All Intervals and All Non-Zero Intervals display the following information:
- Total Intervals—Total number of intervals of the specified type
- Average—Average number of messages cataloged per interval
- Maximum—Maximum number of messages cataloged for an interval during the selected period
- Minimum—Minimum number of messages cataloged for an interval during the selected period. Unless the message catalogs are very active, the value for All Intervals Minimum is usually zero.
The bottom of the tab shows the following messages that indicate whether the current catalog statistics are up to date:
- Statistics and Catalogs are in sync.
  The catalog is up to date.
- Statistics are out of date for yyyy-mm-dd, n messages missing.
  The catalog’s daily message count for the indicated day does not match the statistics database, and the indicated number of messages is missing.
Message Catalog Statistics tab (earlier than SPE2204)
The Catalog Statistics screen is accessed by clicking on the View Catalog Statistics hyperlink at the bottom of any catalog screen. This screen is also accessed via the View Counter Threshold Hints hyperlink on the Edit screen of the Alert component. This screen shows the basic statistics of messages contained in the catalog. The screen is depicted as follows:
This screen shows the basic statistics associated with messages in the catalog. It is available for the Device Address, Facility, Severity, Username and Thread catalogs.
The screen shows the following fields:
- Alert Threshold Hints—These are suggested alert thresholds for the data based upon the current average value for the data rates and the data standard deviation. These values can assist in the configuration of proper alert thresholds in the Alerts facility.
- Number of Message Records—This is the total number of messages in the catalog for the specified start date and span days interval, which should agree with the value shown in the catalog message viewer.
- Number of Sample Intervals—This is the number of sampled intervals during the span of days. Increasing the sample interval value decreases the number of total sample intervals.
- Maximum Counts For Any Interval—This is the maximum number of messages received during any sample interval.
- Average Counts Per Interval—This is the statistical average of messages received for any interval, across the span of days. It is approximately equivalent to the total number of message records divided by the span of days (in seconds) multiplied by the sample interval.
- Standard Deviation From Mean—This is the statistical variance of the messages, and can be thought of as the average distance from the statistical average for all samples.
You can change the time interval window for the statistics, the start date, and the span days. By default, the statistics are for all messages starting with the current date, and for the previous 30 days. Increasing the time interval increases the average and standard deviation, and decreases the number of intervals sampled.
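The following added example (not product code) recomputes the statistics described in "Examining total statistics" and in the field list above from raw message timestamps, so that the All Intervals and All Non-Zero Intervals figures, and the effect of a larger sample interval, can be checked offline. The function names and sample timestamps are hypothetical, and the use of the population standard deviation is an assumption.

```python
from statistics import pstdev

# Constructed sample: message times in seconds from the start of a 6-hour window.
# Hour 0 has 3 messages, hour 2 has 1, hour 3 has 8; hours 1, 4 and 5 are silent.
SAMPLE = [10, 20, 30, 7205] + [10800 + i * 60 for i in range(8)]


def interval_counts(timestamps, start, end, interval):
    """Bucket timestamps into fixed-width intervals covering [start, end)."""
    n = -(-(end - start) // interval)  # ceiling division
    counts = [0] * n
    for ts in timestamps:
        if start <= ts < end:  # ignore messages outside the selected period
            counts[(ts - start) // interval] += 1
    return counts


def _block(values):
    """Total Intervals / Average / Maximum / Minimum for one set of intervals."""
    if not values:
        return {"total_intervals": 0, "average": 0.0, "maximum": 0, "minimum": 0}
    return {
        "total_intervals": len(values),
        "average": sum(values) / len(values),
        "maximum": max(values),
        "minimum": min(values),
    }


def summarize(counts):
    """Compute the statistics shown under the graph from per-interval counts."""
    nonzero = [c for c in counts if c > 0]
    return {
        "total_messages": sum(counts),
        # Coverage: percentage of intervals that contain at least one message.
        "coverage_pct": 100.0 * len(nonzero) / len(counts) if counts else 0.0,
        "all_intervals": _block(counts),
        "non_zero_intervals": _block(nonzero),
        # Assumption: population standard deviation over all intervals.
        "std_dev": pstdev(counts) if counts else 0.0,
    }


if __name__ == "__main__":
    for width in (3600, 7200):  # group by 1 hour, then by 2 hours
        print(width, summarize(interval_counts(SAMPLE, 0, 21600, width)))
```

Grouping the same messages by two hours instead of one halves the interval count and raises both the average and the standard deviation, which is why a threshold tuned at one interval width does not carry over to another.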