Rw tab |
---|
title | New alert definition |
---|
|
You can activate Auto-investigation in DeepTrace when creating a new alert definition from the Data Search tab. Click the alert icon to create a new alert definition and select Auto-investigation in DeepTrace. Note |
---|
Auto-investigate in DeepTrace DeepTrace does not allow grouping tables, when clicking on the Auto-investigate in DeepTrace the Auto-investigation query opens with your query without grouping, you can also modify here the query that is going to be investigated by DeepTrace. | Click the alert icon to create a new alert definition and select Auto-investigation in DeepTracerawMessage field required The rawMessage field must be included in the Auto-Investigation query definition (select rawMessage ), even if it's not in the alert definition query. Otherwise, DeepTrace will not trigger an investigation even though the alert itself was triggered. |
It is possible to activate DeepTrace when opening a table in Data Search by clicking on the engine tool button → New → DeepTrace Investigation. You can also send a single event to be investigated in DeepTrace. To do that select the event and do right-click to open the options and start investigating in DeepTrace. Note |
---|
Why can’t I see that option? Be aware this option will be available when there is no grouping and at least one event is selected in the table. |
|