Use the Filter Editor | LogRhythm Documentation

Filter Modes

Items and item types in filters can be set to include or exclude. The following examples explain those settings.

Filter In (Is)
User (Origin or Impacted) IS ‘pete’
Result: Either Origin nor Impacted has the value ‘pete’. At least one of the fields has a value of ‘pete’.
Filter In (Is) Blank with Filter in Null Values?
User (Origin or Impacted) IS NULL
Result: Either Origin or Impacted is NULL. At least one of the fields must be null.
Filter Out (Is Not)
User (Origin or Impacted) IS NOT ‘pete’
Result: Neither Origin nor Impacted has the value ‘pete’. Both fields have a value other than ‘pete’
Filter Out (Is Not) Blank with Filter out Null Values?
User (Origin or Impacted) IS NOT NULL
Result: Neither Origin nor Impacted is NULL. Both fields must have a value.

Quantitative filters are available from these LogRhythm tools and utilities:

Quantitative fields include:

The operators for quantitative filters are described in the following table.

Operator	Description
=	Equal to
!=	Not equal to
>	Greater than
>=	Greater than or equal to
<	Less than
<=	Less than or equal to
<>	Less than or greater than - (outside range)
<=>=	Less or equal to OR greater or equal to - (outside range)
><	Greater than AND less than - (between range)
>=<=	Greater or equal to AND less than or equal to - (between range)

LogRhythm can use wildcards and pattern matching in search string filters to increase flexibility and efficiency. For example:

Use wildcards to search for a particular sender or recipient email address in the Platform Manager, Data Processor, or LogMart by specifying only some of the characters in the address.
Filter to find any matches for senders at a given domain name.
Filter to find a specific host name.