5. Baselining

This section assumes, that you have read the chapter Basic Concepts.

All incoming logs, that do not match an existing case, will show up in the Baselining section. From here you can create cases and define your baseline, meaning every event showing in the baseline is in theory something unknown/new.

Contents

• 5.1. Customize Your View
• 5.2. Manual Case Creation
  • 5.2.1. Case Creation Basics
  • 5.2.2. Select Log Messages for a Case
  • 5.2.3. Case Creation from Search Results
  • 5.2.4. Case Creation from Selection
  • 5.2.5. Case Creation Using a Custom Condition
  • 5.2.6. Case Creation Using a Regular Expressions
• 5.3. Automated Case Creation
• 5.4. Add to Case
• 5.5. Customizing the Detailed View of Log Lines
• 5.6. Usage of the Context Menu