In the Raw Message column, right-click on the raw log message you want to use to create a policy, and then click Create Policy.
If the log message has no associated log source type, the Assign Log Source Type dialog box appears.If the log message is already associated to a log source type, the first page of the Policy Builder appears. Go to step 3.
Select a log source type from the existing list.
A blue frame appears around the selected log source type, and the Log Source Type Details appear on the right side.
- Click Create Policies.
The first page of the Policy Builder appears.
Enter information in the following fields:
Policy Name. A name for the policy.
(Optional) Policy Description. A description of the policy.
Paste a Log Message Here. The raw log message you selected from the search results auto-populates.
The Policy Builder Workspace appears.