Monday, September 25, 2006

Viewing Raw Data in Real-Time

Another question i get asked is "How can i view the raw data coming into my MARS appliance for a certain device?"

Well this is easy to configure, via a Query.

1) If we first select a device to monitor, on the Query screen
2) Now we need to Edit the Query Type, and select the Result Format as: "All Matching Event Raw Messages"
3) And finally select "Real Time" : Raw Events.




Now when we submit, we will watch in real time, all the raw events arriving from your selected device or devices.




Quite a cool feature i think!