cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Report Event Aggregation

Jump to solution

Whenever I create a report I have two options.
Either use a bar chart and have to use one of the premade Querys (Which almost never suite my needs.) Or I use a table chart, in which case I have no aggregation of events meaning that each event that happens takes up a new line. Why isn't there an option for me to aggregate such events and have an "Event count" field next to them to show the amount of times said event has triggered?

I keep getting reports like the following:

Capture.PNGExample

Instead of having one of these lines with an event count of 10 next to it.
Anyone knows how to help?

1 Solution

Accepted Solutions
McAfee Employee mherr
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Report Event Aggregation

Jump to solution

When you drop the table on the page, select Event Queries > Signature IDs.  This will give you the data you are looking for, but the order will be Signature ID, Count, Event Count, Rule Message.  You can choose to display any of those columns in your report.  If you don't like the order, you will need to create a new Reporting Query.

On Reporting Queries, click Add

Give it a Name

Click OK

Click Fields.  Add in this order
Rule Message, Signature ID, Event Count

On the right side, click the box in Signature ID for Group.  Event Count should change to Sum(Event Count)

Click OK

Leave Filters Blank

Sort On: My recommendation is SUM(Event Count) Descending, but you could leave as Rule Message

Click OK to exit Sort On

Click Finish

 

 

2 Replies
McAfee Employee mherr
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Report Event Aggregation

Jump to solution

When you drop the table on the page, select Event Queries > Signature IDs.  This will give you the data you are looking for, but the order will be Signature ID, Count, Event Count, Rule Message.  You can choose to display any of those columns in your report.  If you don't like the order, you will need to create a new Reporting Query.

On Reporting Queries, click Add

Give it a Name

Click OK

Click Fields.  Add in this order
Rule Message, Signature ID, Event Count

On the right side, click the box in Signature ID for Group.  Event Count should change to Sum(Event Count)

Click OK

Leave Filters Blank

Sort On: My recommendation is SUM(Event Count) Descending, but you could leave as Rule Message

Click OK to exit Sort On

Click Finish

 

 

Re: Report Event Aggregation

Jump to solution
Thanks! Worked perfectly
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community