In other news the conference was good. One of the best things I did while there though was go into the usability lab and play with Logger 4.5. Granted that has been out for a bit but I haven't upgraded our Logger yet. The ability to do on the fly searches and pipe in some SQL operational commands (eg Top) is simply awesome. Prior to this you had to navigate to the queries section, create the query, remember to save it in the editor and on the query page and then run the report. While a particularly hard thing to do I would often have 2 instances of Logger up on my dual monitors - one to show some of the data I'd likely get and the other to do the navigation and SQL generation.
Now....ArcSight just need to port the same capability over to ESM! I know the product's back ends verge on apples to oranges but the navigation issue there is worse than Logger IMHO. The flipping around among the resource trees, having to save the query, etc etc. Having a one stop shop to do basic Top, group by, counts and not have to save each query somewhere would be great. Make it a capability just for Trends for all I care. The current inline filters are a start but just don't have the full breadth of ways to slice and dice the data on the fly that are needed. Don't get me wrong, the tools are there to create a wide range of reports, query viewers, dashboards, etc etc and they don't take a whole of of time to create per se. The issue is when you are investigating something and want to look at the data just so.
No comments:
Post a Comment