<p class="shortdesc">事件数据集以已有查询模板为数据集进行各个字段的统计。本文介绍如何新增事件数据集。</p> <section class="section prereq" id="eventDataSet__prereq_f1w_tjy_qsb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">您已创建安全日志审计实例。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/console/log-audit" target="_blank" rel="external noopener">安全日志审计SLA控制台</a>，进入<span class="keyword wintitle">实例列表</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击目标实例<span class="ph uicontrol"> 操作</span>列的<span class="ph uicontrol">管理</span>，进入安全日志审计控制台。</span> <div class="itemgroup info"> <img class="image" id="eventDataSet__d80e53" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-1ecc508f988a.png" width="830"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在上边栏选择<span class="ph uicontrol">规则库</span>，在左侧菜单栏选择<span class="ph menucascade"><span class="ph uicontrol">解决方案</span><abbr> > </abbr><span class="ph uicontrol">解决方案包</span></span>，进入<span class="ph uicontrol">解决方案包</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击自定义的解决方案包下<img class="image" id="eventDataSet__image_ehr_tmm_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112056-1d77b5dc9778.png">图标，进入<span class="ph uicontrol">数据集</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">在<span class="ph uicontrol">数据集</span>页面，单击<span class="ph uicontrol">新增</span>，选择<span class="ph uicontrol">事件数据集</span>进入<span class="ph uicontrol">事件统计数据集</span>页面，输入事件数据集名称，勾选已保存查询和显示列，单击<span class="ph uicontrol">保存</span>。</span> <div class="itemgroup info"> <div class="p"> <img class="image" id="eventDataSet__image_p5q_vmm_4sb" width="800" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112056-11effbb6956f.png"> </div> <table class="table" id="eventDataSet__table_xfp_nnm_4sb"><caption></caption><colgroup><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry colsep-1 rowsep-1" id="eventDataSet__table_xfp_nnm_4sb__entry__1"> <p class="p"> 配置项 </p> </th> <th class="entry colsep-1 rowsep-1" id="eventDataSet__table_xfp_nnm_4sb__entry__2"> <p class="p"> 说明 </p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="eventDataSet__table_xfp_nnm_4sb__entry__1 "> <p class="p"> 名称 </p> </td> <td class="entry colsep-1 rowsep-1" headers="eventDataSet__table_xfp_nnm_4sb__entry__2 "> <p class="p"> 用来标识数据集。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="eventDataSet__table_xfp_nnm_4sb__entry__1 "> <p class="p"> 已保存查询 </p> </td> <td class="entry colsep-1 rowsep-1" headers="eventDataSet__table_xfp_nnm_4sb__entry__2 "> <p class="p"> 已保存查询模板，详细介绍请参见<a class="xref" href="https://www.ocftcloud.com/ssr/help/security/LogAudit/cfg.event.customQuery.resultSave" target="_blank" rel="external noopener">保存事件查询</a>。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="eventDataSet__table_xfp_nnm_4sb__entry__1 "> <p class="p"> 显示列 </p> </td> <td class="entry colsep-1 rowsep-1" headers="eventDataSet__table_xfp_nnm_4sb__entry__2 "> <p class="p"> 至少需选择一项。 </p> </td> </tr> </tbody></table> </div> </li></ol></section>