SmartEvent Correlation Unit High Availability

Multiple correlation units can read logs from the same Log Servers. That way, the units provide redundancy if one of them fails. The events that the Correlation Units detect are duplicated in the SmartEvent database. But these events can be disambiguated if you filter them with the Detected By field in the Event Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy. Query definition. The Detected By field specifies which SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. detected the event.