Fluency has the ability to generate Reports / Dashboards based on aggregations from Event Watch.
Adding a Report
As an example, we will make a report containing all the Webroot event buckets. Give the report a name and description. In this case, the name of the report is “Webroot_DataAnalysis.”
In the Bucket Aggregation section, click the “Bucket” field. This will open a dropdown menu containing all the configured buckets from the Event Watch page. Typing in the field will search through the buckets for matches. Since we are creating a Webroot report, we will select the first Webroot bucket from the list.
After selecting the bucket, the duration (time range) and graph type can be set. The default duration is two days. In this case, we want a histogram of the bucket. Press “+ ADD” to add the aggregation.
The trash can icon under the “Action” column to the right of the table allows the user to delete any unwanted aggregations. Add as many aggregations as desired, following the same process as above.
The other buckets show examples of other types of graphs. The second, third, and fourth buckets have “topn” selected as the type of graph. This will display a histogram but only with the top 10 corresponding data pieces, as opposed to all of them. The last bucket is called “Webroot_MaliciousHitsByDestIP” with “geoIP” selected as the graph type. This will display the data as points on a map based off the destination IP addresses from the event bucket. Once all the desired event buckets have been added, click “SAVE” to save this report.
The report now appears in the table. Click the graph symbol in the action column to return to the Reports page.
All the Webroot graphs now appear in this report so that all the Webroot data can be viewed together. As shown at the top of the page, many reports can be defined in order to allow the user to group graphs in any way desired.