Filtering is used in searches and configuration in many parts of the LogRhythm Client Console, including:

  • Personal Dashboard Filters
  • Investigator Wizard
  • Tail Wizard
  • Report Wizard
  • Alarm Rule Wizard
  • Log Distribution Services Policy Wizard
  • SecondLook Wizard

The Filter Editor and associated Wizard tabs are used with slight variations in many places in the LogRhythm Client Console. This means that not every tab in this topic appears in every situation.

Filter Processing Order

The order in which you work through the filter editor is not the same as the order in which filters are applied. During processing, the order is:

  • Log Source
  • Day and Time
  • Primary Criteria
  • Include Filters
  • Exclude Filters