Skip to main content
Skip table of contents

Filters—Include Filter

This page uses adding filters to an Alarm Rule as an example. The names of windows and setting options vary slightly depending on where you are creating or modifying a filter.

The Include Filters tab of the Filter Editor allows you to specify that only events with matching values will be processed by this alarm rule. Include filters are applied only against the events returned from the primary criteria search, providing a very efficient way to refine the search.

To configure include filters

  1. In the upper-left corner of the window, click New.
    The Log Message Filter window appears.

  2. From the Add New Field Filter list, select a field to use as a primary filter.

    The User (Impacted/Origin) by Active Directory Group filter is only available to Global Administrators and Global Analysts. Restricted Analysts and Restricted Administrators may not create or edit an User (Impacted/Origin) by Active Directory Group filter in Personal Dashboard, Investigator Wizard, Tail Wizard, or Report Wizard. Restricted Analysts may run objects that reference an Active Directory Group filter in saved Investigations, Reports, and Report Packages.

  3. Click Edit Values.
    The Field Filter Values window appears with options based on your Field Filter selection.
  4. Select a Filter Mode.
  5. Do one of the following:
    • If you selected a Quantitative Field Filter, such as Host (Impacted) Bytes Rcvd, enter the operator and values.
    • If you selected a Field Filter that requires a user-defined value such as IP Address, enter the value you want in the Add Item field. Select any additional options that are required.
    • If you selected a multi-type field such as Application, select an option from the Item Type list.
    • If you selected a Field Filter such as Log Source Type, the Field Filter Selector window appears. It is populated based on your Field Filter selection. Follow the prompts to further refine your filter, and then click OK.
  6. (Optional) Use the filter options to shorten the list. Enter characters you want to match, select Keyword or Regex, and then click Apply. Only items that contain the characters you entered appear.
  7. Click Add Item.
  8. (Optional) Continue adding items.

  9. (Optional) To delete a filter from the list, select it and click Remove Filter.

  10. Click OK.
    The Add New Field Filters window appears with the newly added filter in the list.
  11. Continue adding filters until you are finished with this field.
  12. (Optional) Continue adding filters.
  13. (Optional) To modify a filter in the list, select it and click Edit Values.
  14. (Optional) To delete a filter from the list, select it and click Delete.
  15. Click OK.
  16. When you complete the Exclude Filters tab, click Next to move to the next tab.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close