Filtering data by tags/participants/types

Filtering data by tags/participants/types

Filter By Tags

Tags are used to categorize or identify common themes across your data. Filtering by tags can help you narrow down the displayed data to the information you have curated and annotated.

To filter by tags in your Event Data, click in the search field next to Filtered By

There are three ways to select tags from here:

  1. Type the specific tag you’re looking for, such as Alerts, and click the check box next to the tag name to filter to display only messages with that tag.
  2. image

  1. Search “tags” or select the check box next to Tags in the drop down that appears when clicking into the search field. This will automatically add all of the tags used in the investigation so far. Any tag you do not want to filter by can be deselected by clicking the X to the right of the tag.
  2. image

  1. In the drop down that appears when clicking into the search field, there is an arrow to the left of Tags, clicking this will expand to show the full selection of tags used in the investigation so far. Clicking the check box next to any specific tag will filter to display only messages with that tag.
  2. image

When a tag is selected, only the messages tagged with that tag will be displayed. Multiple tags can be selected at a time, displaying all messages tagged any of the selected tags.

If you have not yet added any tags, the Tags option will be greyed out in the drop down that appears when clicking into the search field.

image

  • If you used the Jeli incident response bot, the tag Responder Joins will automatically be tagged each time a new responder joined the incident channel in slack, even if no other tags have manually been added.

Filter By Participants

Participants are the individuals who have contributed to the Slack conversation ingested into the investigation. Filtering by participants is particularly useful when interviewing incident responders, allowing you to view all of the messages from a specific responder. (See also Creating an Interview Filter Set in Jeli [link to doc])

To filter by participants in your Event Data, click in the search field next to Filtered By. There are three ways to select participants from there:

  1. Type the name of the participant in the search field, and click the check box next to the name to filter to display only messages sent by that participant.
  2. image

  1. Select the check box next to Participants in the drop down that appears when clicking into the search field. This will automatically add all of the participants identified in the conversation. Any participant you do not want to filter by can be deselected by clicking the X to the right of their name.
  2. image

  1. In the drop down that appears when clicking into the search field, there is an arrow to the left of Participants, clicking this will expand to show the full selection of participants identified in the conversation. Clicking the check box next to any specific name will filter to display only messages sent by that participant.
  2. image

In the drop down that appears when clicking into the search field, there is a toggle to the right of “Participants” labeled “Include @mentions?” that is turned off by default. Enabling this option includes all messages where the selected participant was @ mentioned by another participant. Sliding the toggle to the right enables the feature. (It is pictured below as enabled.)

  • If you used the Jeli incident response bot, one of the participants you can filter by will be Jeli. This includes all of the updates and changes made during the incident using the Jeli incident response bot. Filtering by participant and selecting Jeli is a great shortcut to display all of the status updates sent throughout the incident!

Filter By Types

There are multiple data types available in Jeli:

Chat Messages - the messages sent in the slack channels ingested into your Jeli investigation

Notes - the annotations added by you, or other investigators, as you tag and add context during your investigation.

PagerDuty - the alerts ingested from PagerDuty that correspond to your Jeli investigation. This does require an integration between Jeli and Pagerduty to appear.

To filter by data types in your Event Data, click in the search field next to Filtered By. There are three ways to select types from there:

  1. Type the specific type in the search field, such as Notes, and click the check box next to the type to filter to display only the notes added to the investigation.
  2. image

  1. Select the check box next to Types in the drop down that appears when clicking into the search field. This will automatically add all of the data types available. Any type you do not want to filter by can be deselected by clicking the X to the right of the type.
  2. image

  1. In the drop down that appears when clicking into the search field, there is an arrow to the left of Types, clicking this will expand to show the full selection of data types available. Clicking the check box next to any specific type will filter to display only the content matching that data type.
  2. image