Using the Correlation tab


The Correlation application processes the raw message data received by the Messages application. From the Correlation subtabs, you can establish associations between messages by creating threads, which consist of messages related by simple or complex match patterns that can also be controlled by triggers. You can use thread counters to create alerts, and the alerts cause syslog messages to be sent back to the Messages application for further correlation. For more information about alerts, see Alerts tab.

The following figure displays the Correlation tab and its subtabs:

[Figure: The Correlation tab and its subtabs (correlationTab.png)]

On the Threads tab, you can define arbitrary groups of messages by using simple or complex expressions, identifying these messages by a user-defined thread title. You can view, define, edit, or delete threads to organize the incoming data. To view the messages that are related to a thread, click the thread title hyperlink.

On the Config tab, you can configure various elements of the correlation process. For information about correlation techniques and usage, see Advanced correlation using actions.

