Filters—AIE Summary Fields

This page uses the process of adding filters to an AI Engine Rule as an example. The names of windows and setting options vary slightly depending on where you are creating or modifying a filter.

The AIE Summary Fields tab appears on all AI Engine Rule blocks.

AIE Summary Fields allow you to select a list of field values to summarize in the rule output. Any Group By fields you have already selected are selected as AIE Summary fields by default and cannot be deselected. Unlike Group By fields, AIE Summary Fields do not impact the criteria by which the rule triggers.

AIE Summary Fields results are only available in Alarm Cards in the Web Console and in HTML SMTP notifications. Each field is limited to the top ten unique values.

The AIE Summary Fields are populated by the AIE Automatic Drilldown feature. This feature currently has a 60-second timeout period. If the logs have not been collected by the time it expires, the AIE Summary Field appears blank.

The Automatic Drilldown feature is intended to contextualize critical alarms as opposed to being used for all alarms. LogRhythm cannot guarantee a 100% success rate when attempting to use the Automatic Drilldown feature for all alarms.
