Filters

You can create search filters to save specific queries so that you can easily use them again. Filters are similar to saved searches. However, filters save the query only, while saved searches save the time range information in addition to the query.

Your system comes with a set of predefined search filters. For more information about these filters, see System Filters/Predefined Filters. You can add new filters and edit the existing ones from the Filters page.

The following categories of filters are displayed on the Filters page.

Shared: Shared search filters are user-created and are visible to all users. Once created, any user can use a shared search filter to search for events.

Search Group: Search group filters provide an access control mechanism to limit the events that users in a particular user group can see. Search group filters can also be used to limit the events processed by a category of reports (see Report Category Filters). The query for these filters can contain either a regular expression or one level of unified query. For more information, see Search Group Filters.

You must have admin-level privileges to create or edit search group filters. See Users/Groups for more information on Logger user rights and how to administer them.

System: A set of pre-defined filters, known as system filters, are included in your system. For more information about system filters, see System Filters/Predefined Filters.

Search filters can have one of two different types of query:

Unified Query: Unified Query (Unified) search queries specify keywords and fields.

Regular Expression: Regular Expression (Regex Query) search queries specify a regular expression. Regular-expression-based search filters are useful for creating real time alerts, which accept only regex queries.

The Search Group Filters manage the association of User Groups with Search Group Filters. Search Group Filters can be used to restrict events with Unified or Regex queries.

To create a filter

From the navigation bar Configuration menu, select Filters to open the Filter page.

Click Add. The Add Filter page displays.

Enter a name for the new filter in the Name field. Filter names are case-sensitive.

Select the category from the type menu:

For Shared Filter: Select whether is Unified or Regex. Click next

For Search Group filter: select search group filter. Click next.

Note: If you create a Search Group filter, make sure that you associate it to a user group, as described in Search Group Filters.

If Search Group Filter is the category, select the type: Unified or Regex Query from the type drop down.

Once you select the type, the following message will be displayed: The search group will be automatically updated in the database. Do you want to continue? If cancel is clicked, the current category remains selected.

Enter the query for the new filter.

For Unified queries:

Type a query. Logger’s Search Helper enables you to quickly build a query expression by automatically providing suggestions, possible matches, and applicable operators. See Search Helper for more information. Duplicate Storage Groups and Search Groups are not supported. The user is unable to create reports with duplicate parameters.

OR

Click Advanced Search to use the Search Builder Tool to create the query. For details about using the Search Builder Tool, see Classic Search: Using the Advanced Search Builder.

When adding a filter in Device Groups or Storage Groups, Logger displays a confirmation message as this action limits future searches for both search and report.
For Regex queries: Enter the regular expression in the Query text box.

Click Save.

To create a filter by copying an existing one:

From the navigation bar Configuration menu, select Filters to open the Filter page.

Locate the filter that you want to copy from the list of filters. Click the Copy icon ().

A new filter with the name “Copy of <filtername>” is created.

Change the name of the filter and edit the query for the new filter if necessary.

Click Save.

To edit a filter:

From the navigation bar Configuration menu, select Filters to open the Filter page.

Find the filter that you want to edit and click the Edit icon (

) on that row.

Change the information accordingly based on the query type:

Click Save

Note: Logger does not support right click functions. If any of the options is selected, an invalid page is opened or saved . Make sure to edit the search group filter by double clicking the filter name or click the correspondent edit button.

Peer /Pipeline Operator:

It applies for Regex /Unified filter only. The query textbox in the search group category does not allow either [_peer] or [|] to use pipeline expressions.

If you use the advanced option, the Auto suggest for Unified Queries filters has been limited to level 1; complex expressions are not supported. "Peer" option was removed and it is no longer available in the edit section. If you attempt to add this keywords, the following message displays: "The peerLogger keyword is not allowed for Unified Search Group filters".

To delete a filter:

From the navigation bar Configuration menu, select Filters to open the Filter page.

Find the filter that you want to delete and click the Delete icon (

) on that row.

Confirm the deletion.