The Report Data Configuration option allows you to enable and disable summaries or aggregate tables in the Sentinel database. Enabling a summary allows aggregation to start computing the counts for that particular summary and shortens the execution time for any report that uses the summary table. Sentinel Top 10 reports use summary tables.
A summary is a defined set of attributes that make up the key for which the number of unique occurrences (event count) is computed for each hourly time period (event time). For example, EventSevDestPortSummary saves the count of events for each unique combination of destination port and severity for each hour. These saved computations of the event data allow for quicker summary reporting and querying. Certain summaries need to be active in order for the summary reports to be accurate.
Aggregation is the process of calculating the running count for all active summaries as events flow through the system. These running counts are saved to the database in the summary tables.
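The summary and aggregation behavior described above, as an added illustration that is not Sentinel's own code: events are counted per hour on the EventSevDestPortSummary key (severity and destination port), and a Top 10 style report is then answered from the summary rows alone. The class, function names and sample events are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events: (event time, severity, destination port).
SAMPLE_EVENTS = [
    ("2024-05-01T10:05:12", 5, 443),
    ("2024-05-01T10:17:40", 5, 443),
    ("2024-05-01T10:59:59", 3, 22),
    ("2024-05-01T11:00:00", 5, 443),
    ("2024-05-01T11:30:03", 3, 22),
    ("2024-05-01T11:45:10", 5, 443),
]


def hour_bucket(event_time):
    """Truncate an ISO-8601 timestamp to the start of its hour."""
    return datetime.fromisoformat(event_time).replace(minute=0, second=0, microsecond=0)


class SevDestPortSummary:
    """Hypothetical model: running hourly counts keyed on (hour, severity, port)."""

    def __init__(self, active=True):
        self.active = active
        self.counts = Counter()

    def aggregate(self, event_time, severity, dest_port):
        # Only active summaries are processed; a disabled one stores nothing,
        # which is why reports over that period would be incomplete.
        if not self.active:
            return
        self.counts[(hour_bucket(event_time), severity, dest_port)] += 1

    def top(self, n=10):
        """Top-N (severity, port) pairs by event count, rolled up across hours."""
        totals = Counter()
        for (_hour, severity, dest_port), count in self.counts.items():
            totals[(severity, dest_port)] += count
        return totals.most_common(n)


def build_summary(events, active=True):
    """Feed events through aggregation as they would flow through the system."""
    summary = SevDestPortSummary(active)
    for event in events:
        summary.aggregate(*event)
    return summary
```

Six raw events collapse to four summary rows here, and the report never touches the raw event data.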
Summary Benefits:
Greatly reduced event data set
Conformed dimensions that allow the ability to drill down, roll up and drill across on event data
Summary reports run much faster with precomputed summaries
Aggregation Benefits:
Only processes active summaries
Does not affect event insertion into the real-time database.
The Report Data Configuration tab allows you to:
Enable/disable any predefined summaries
View attributes of each summary
See the validity of a summary for a period of time
Query which Event files need to be run so that the summary is complete
The following are all summaries already defined in the system.
Table 2 Summary Name Description