With reports, you can quickly review key metrics related to security, usage patterns, and more — and share them with your team. Use reports to visualize your Cmd data and create a custom dashboard highlighting your key metrics.
This page is intended to provide conceptual knowledge about reports that can help you unlock their potential. You may want to read it in parallel with our step-by-step instructions for building new reports.
For each report, you can:
use a CQL query to choose which data to explore in the report;
quickly filter the data by user, trigger, server, location; and,
select which widgets to include, such as bar charts, summary statistics, or maps, (and optionally filter each widget's data with an additional or separate CQL query).
Report query — The CQL query that selects the data for this report.
One powerful genre of query shows uses the
trigger_group_id properties. For example, if you have a trigger that fires when someone escalates to root, you can make a report about each time it fired.
Tip: trigger and trigger group IDs are found in their URLs.
Trigger group ID:
2. Filters — Filters allow you to temporarily limit which data is visible.
This allows you to quickly see data about one user, server, or IP address:
3. Widgets — When you edit or create a widget, you will see the following popup:
An example definition for a widget that lists the alert counts for servers.
To define each widget:
Select a descriptive title.
Refine the query (Optional) —
If you uncheck "Include report query", the report query stops having any influence on the data in this widget. Either way, you can add a chart-specific query which will filter the data, either on its own or in addition to the report query.
Select the type most appropriate for your data —
available types include lists, bar graphs, pie charts, maps, and calendars.
Customize the chart by setting type-specific preferences such as which properties to display.
Reports are dynamic and automatically update as new data is collected. To create a static report, include a specific date in the CQL query.
The Edit chart window doesn't preview data, so save your widget to preview it.