Work with Event Subtypes panel
The Work with Event Subtypes panel allows you to define and work with Event Subtypes for a particular Event Description.
An Event Subtype is a specification that further defines how to identify the IBM i events in which you are interested. An Event Description often represents an action that occurred, and the subtype indicates the subject of that action or distinguishes between different classes of the action.
How to Get There
On the Work with Event Descriptions panel, choose option 8=Subtypes.
Field Descriptions
Event Source
An Event Source is a location from which IBM i events are extracted. Currently, journals and message queues are supported as Event Sources. Common event sources are QAUDJRN (journal) and QSYSOPR (message queue). You may define your own journals and message queues as Event Sources.
Event Description
Indicates the Event Description to which the listed Event Subtype pertains.
An Event Description is a specification that defines how to identify the IBM i events in which you are interested.
Event Field
Indicates the Event Field whose event data supplies the subtype value when an event is processed.
An Event Field is a specification that defines how to interpret different sections of the IBM i event's data.
Position to
Type a value here to position the list to the Event Subtype whose name is equal to or greater than the value you entered.
Options
Opt
Enter a valid option from the list of options provided on the list panel.
Active
Indicates whether the Event Subtype is available for processing. When an Event Subtype is not active, the event it identifies will not be processed.
Name
The name you use to refer to this Event Subtype within Powertech SIEM Agent. The name must exactly match the data that the "subtype field" can contain in the actual event data at execution time.
Description
A short description you assign to the Event Subtype.
Command Keys
F3=Exit
Exit the program.
F5=Refresh
Refreshes the panel with the most current data.
F6=Create
Creates a new item.
F11=View
Toggles the panel between different views.
F12=Cancel
Discards changes and returns to the prior panel.