After investigating a new Event, you can name and rank the Event so Anomaly Detection learns how to handle this Event in the future.
Event names and ranks are applied across your organization’s Sumo Logic account, not just your own login.
To name and rank an Event:
- Click an Event in a Report. Remember that blue Events have not been named or ranked.
Events that are red, yellow, or green have been labeled previously, but the rank can be changed.
- Adjust the time range to see more data around the Event, if necessary.
- To investigate, click See All Signatures or Hide All Signatures. Alternatively, in the Signatures pane below, toggle individual Signatures on or off to show or hide the color-coordinated lines on the timeline chart.
- After investigating the Event, type an Event Name for the Event (we used Intrusion), then choose a Severity setting.
If you choose Unimportant for the Severity, the Events are still displayed, but they are grayed out. Unimportant Events are treated like background noise.
- Enter an optional Description for the Event. This can include directions on how to handle the Event in the future. Including a description can be helpful to others in your organization.
The Description field can be used as a transcript of how the issue was addressed, or to record information about handling the issue in the future. You can also include, for example, contact information for the person who should handle escalations.
- Click Save.