Event List Interactions

Event List Interactions let you actively interact with the data and explore it in detail. These interactions are added as options in the Event List and work as quick workflows triggered directly from the search results.

For example, every time an event includes an IP address, you can:

  • Trigger a lookup in an external system directly from the Event List — a kind of "WHOIS" search based on the IP address found in the event.

  • Control the context in which the interaction is displayed, so that it appears only in events that actually have an IP address field — because this interaction makes sense only when that condition is met.

Event List Interactions are available within a certain scope — that is, they apply to some given Repositories and Views.

These scoped interactions are collected in an overview page, from which you can create more preset interactions, and where other users in the Organization can reuse the interactions you have created.

Not every user can see, configure or edit these interactions; this depends on the permissions set for them in the given repository.

Once created, these interactions are displayed in the Event List for every search within a repository.

For the steps on how to configure Event List Interactions, see Setting Up Event List Interactions.

Setting Up Event List Interactions

To create a new interaction:

  1. Click your account icon in the top right corner of the Repositories and Views page and select Manage interactions. You will be presented with the Interactions overview page.

  2. Click Add interaction on the top right:

    Figure 81. Interaction Overview

  3. In the Create new interaction dialog, enter the information as required:

    • Name — the name assigned to the interaction, by default Interaction #1, which you can change, e.g., to Lookup IP.

    • Title template — text that can incorporate strings/values from the event. If you want to provide a more precise label for the interaction, you can add it here.

      For example, if clicking on an element or a row where the field IPAddress is set to, the title of the interaction in the Event List when clicking on that element or row would be Lookup, see Figure 82, “Event List Interaction”.

    • Scope — the repository or view where you want to add the new interaction, selected from the dropdown list.

    • Behavior — the destination Type you want your widget to interact with, one of:

      • Dashboard Link — look up an item in a related dashboard.

        You can choose whether to open the destination dashboard in a new tab, and whether to use the time from the current dashboard or the time from the destination dashboard.

      • Custom Link — look up an item in an external location by linking your widget to the destination URL.

    • Parameter bindings — set up the interaction to use fields from within events and bind them to the parameters present in the destination dashboard.

      Use the Template Language to populate values based on the widget you are interacting with.

  4. Under Condition, click +Add condition to specify the conditions under which the interaction is shown. This lets you show the interaction only when a given field in the Event List is equal to a specified value, e.g. the #event_simpleName field equal to the value NetworkConnectIP4.

  5. Click the three-dot menu next to each event in the Event List; you’ll see your interaction in the contextual menu (under the Inspect and Show in context options).

In the example below, the interaction looks for a specific IP found in the event:

Figure 82. Event List Interaction