Creating filters

Use the Advanced Filter Builder dialog to create a defined filter consisting of one or more complex criteria groups for use with WhatsUp Gold log management data ingestion and associated reporting. This interface can be most easily accessed by selecting SETTINGS > Log Management > Log Filter Library, then clicking the Add icon. You can also navigate to the Advanced Filter Builder dialog directly from the Log Viewer by clicking Advanced Filter, then selecting New Filter from the menu that appears.

To create an advanced filter for use with WhatsUp Gold Log Management:

  1. First, give your new filter a name. This is the name by which you'll identify the filter in WhatsUp Gold when working with log management reporting and alerting features.
  2. Select a field from the first drop-down menu on the left. This menu is categorized by type and can be searched using the data entry field at the top of the list.
  3. Select the relationship between the selected log field and the user-defined criteria the filter will consider from the drop-down menu in the center.

    Tip: When the center drop-down menu is expanded, you can hover over any item in the list to display a tool tip describing that option in greater detail.

  4. Enter the criteria the filter should consider in the data entry field at right.
  5. If you would like to create an additional item for the Criteria group, click the Add icon, then repeat the previous steps as needed to complete the group.
  6. If you would like your filter to contain additional groups, click Add filter group to begin specifying additional criteria, as needed.
  7. Ensure the drop-down menus separating both filter and criteria groups reflect the correct relationship between each group (e.g., Criteria Group A AND Criteria Group B OR C.)
    • IP Address + begins with + 172.
    • Event Severity + matches + Critical
    • Event Severity + matches + Warning
  8. To remove any item from a criteria group, click the X icon to the right of the target item or to remove an entire criteria group from the filter, click the applicable Delete hyperlink.
  9. When your filter is complete, click Save.

When viewing the Log Filter Library, you can see a list of all saved filters as well as related information including the number of Alert Center thresholds that have been configured using that filter and which user last updated the filter criteria and when.

Note: Pre-defined filters displayed in the library are appended with a lock icon and cannot be edited.

To launch the Log Management Filter Frequency Alert Center threshold configuration dialog in order to set up an alert for any filter displayed, select the filter, then click Setup Alert. The configuration dialog appears with the Log filter field automatically populated with the filter you selected in the library. If a saved filter already has an alert applied to it, you can create an additional alert using the same control.

Caution: Clicking Remove Alert will remove all alerts applied to the selected filter.

See Also

Log Management

About Log Management

Configure a Log Source

Log Management Settings

Configuring a Log Management Filter Frequency Threshold

Log Management Dashboard

Log Viewer (Full Page Report)

About Log Management data archiving

Using the Archived Logs interface