Skip to content

Filters

Filters is a standard configuration interface for adding, editing, and removing the SQL filters used when displaying Events. Users can restrict access to certain filters to a specific User, to the User's Group, to any group or any user. Accessing the event list using defined Filters is done through the Events navigation by expanding the Filters by Group group, then selecting a filter. Users will only see filters that are in the filter group that has been set as the restrictive filter group, as well as any children filter groups and filters. Private filters have the user owner set to a specific user and will show up in a Private Filters group for the user in the Events navigation.

Refer to the Standard Configuration Interface guide for details on interacting with the grid and form.

This user interface calls REST methods from api/event/filters.

The UI path for this interface is Configuration -> Events -> Filters.

Form Fields

  • Filter Name - The name of the filter.

  • Filter User Owner - The user owner of the filter.

  • Filter Group Owner - The group owner of the filter.

  • Default Display - Select which display should be used by default when the filter is selected.

  • Shard - The specific database shard that will be used.

  • Filter Clause - SQL WHERE clause used to filter the events

  • Viewers - The additional viewers that will be able to use the filter.

Filter Clause Toolbar

  • Line Numbers - Toggle on/off line numbers.

  • Search - Search code.

  • Previous - Previous result for current search.

  • Next - Next result for current search.

  • Replace - Search and replace code.

  • Replace All - Search and replace all in code.

Best Practice

  • Filters are considered private if Filter User Owner is set to any value other than Public to All Users In Group. Private filters cannot be added to filter groups. If a filter is changed from public to private, it will be removed from all groups.

Meta

Default Filters

  • Acked Events

  • All Events

  • Availability

  • Checkpoint

  • Cisco IOS CatOS

  • Cisco PIX

  • Cisco Secure IDS

  • Cisco VPN

  • Custom

  • Emails

  • Foundry

  • Last 5mins

  • Last Day

  • Last Hour

  • NetScreen

  • Nimbus

  • NT Eventlogs

  • Older Than Day

  • Snort IDS

  • Syslogs

  • Traps

  • Unacked Events

  • Unix Syslog