Use Link View in Express List to view a visual representation of the relationships between alerts in a group.
Before you begin
Role required: evt_mgmt_operator or evt_mgmt_admin
About this task
For an overview of Link View in Express List, see Viewing links between alerts in alert groups in Express List.
Procedure
-
Navigate to .
-
In the primary navigation, select the Express List icon (
).
-
In the fields in the interactive filter panel, select Group and then the check box for the alert groups to display.
Note: Link View is supported for the following alert group types:
- Network traffic-based
- Rules-based
- Mixed alert groups, which include:
- CMDB-based alert groups
- Tag cluster-based alert groups
- Related log entities
- Shared impacted services
-
In the Active alerts list, select the description of an alert group.
The preview panel opens to the Alerts in group tab, which lists all the correlated alerts in the selected group.
-
Navigate to Link View.
Link View opens, displaying the relationships between the alerts in the selected group.
- Optional:
Customize the Link View display.
| Task | Action |
|---|
| Focus on an area of interest |
Select one or more nodes and rearrange them in Link View by dragging them to a new location. |
| Refresh the alert group |
Select Refresh. After refreshing the alert group, rearranged nodes appear in their original position again. Newly added nodes are marked as New.
Note: The Refresh button is enabled when new data for the alert group is available. Link View doesn't refresh automatically.
|
| View the meaning of icons and colors |
Select the Link View legend. The legend also indicates the number of unique nodes displayed per tag. For a description of each tag, see Attributes in Express List Link View. |
| Reduce noise |
In the Link View legend, toggle between hiding and showing a tag type. |
| View information about an alert |
Hover over a node to display text with information about the alert. |