Create filters for real-time monitoring in the LEM Console

Updated March 14, 2017

Overview

You can create custom filters from the Monitor view in the LEM Console to display real-time traffic from your monitored computers and devices. You can also use a filter to view historical data by sending its Conditions to nDepth, as detailed in Sending Filters to nDepth for Historical Search.

Environment

All LEM versions

Steps

  1. Open the LEM Console and log in to LEM Manager as an administrator or auditor.
  2. Click the Monitor tab.
  3. Click the + button at the top of the Filters pane, and then select New Filter to open Filter Creation.
  4. Enter a Name and Description (optional) at the top of the Filter Creation view.
  5. To modify the number of events your filter can store in memory, edit the Lines Displayed value next to the Name field. The default value is 1000.
  6. Drag one of the following elements into the Conditions box.
    • Events: Drag a single Event into your Conditions to filter for any instance of the event you specify. This type of Condition does not require a value.
      Note: The field at the top of the Events list is a search box.
    • Event fields: Drag an Event field into your Conditions to filter for any event that contains the value you specify.
      Note: The same principles apply to Event Groups and their fields.
  7. If the Condition defined above requires a value, populate the value in one of the following ways.
    • Enter a static text value in the Text Constant field (denoted by a pencil icon).
      Note: Use asterisks (*) as wildcard characters to account for any number of characters before, within, or after your text value.
    • Drag a Group from the list pane on the left over to replace the Text Constant field. The most commonly used Groups include User Defined Groups, Connector Profiles, Directory Service Groups, and Time Of Day Sets.
    • Drag an Event field from an event already present in your Conditions over to replace the Text Constant field. This will result in a condition that states whether values from different events in your Conditions should match.
  8. If you want to change the operators in your Conditions, click the operator until you find the one you want.
    Note: There are two types of operators.
    • Condition operators: These are found between your Fields and their values. Examples include Equals, Does Not Equal, Contains, and Does Not Contain. Filter Creation only displays the operators that are available for the values in your Conditions.
    • Group operators: These are found on the outside right of your Condition Groups. The two options are And (blue) and Or (orange).
  9. Repeat Steps 6, 7, and 8 for any additional Conditions you want to configure for your filter.
  10. Add a Notification to your filter using the Notifications list on the left.
  11. If the Filter Status below the Description field contains an error or warning, click the status indicator to view additional details and address the issue.
  12. Click Save.
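
The following added example is not SolarWinds code and is not part of the original article. It is a small offline model of the filter logic built in Steps 6 through 9, useful for checking how wildcards and nested And/Or groups combine before you build the filter in the console. The event names, field names, and addresses are constructed sample values, and case-insensitive matching is an assumption.

```python
import re
from collections import deque

def wildcard_match(pattern, value):
    """True if value matches pattern; * stands for any run of characters."""
    # Assumption: matching ignores case (the page does not specify this).
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

OPERATORS = {  # condition operators named on the page, as modelled here
    "Equals": lambda value, text: wildcard_match(text, value),
    "Does Not Equal": lambda value, text: not wildcard_match(text, value),
    "Contains": lambda value, text: wildcard_match(f"*{text}*", value),
    "Does Not Contain": lambda value, text: not wildcard_match(f"*{text}*", value),
}

def evaluate(node, event):
    """node: ("And"|"Or", [children]), ("Event", name) or (field, operator, text)."""
    if node[0] in ("And", "Or"):  # group operator
        results = [evaluate(child, event) for child in node[1]]
        return all(results) if node[0] == "And" else any(results)
    if node[0] == "Event":  # event condition: needs no value
        return event.get("Event") == node[1]
    field, operator, text = node  # event-field condition
    return OPERATORS[operator](str(event.get(field, "")), text)

def run_filter(conditions, events, lines_displayed=1000):
    """Return the events the filter would hold, newest last."""
    lines = deque(maxlen=lines_displayed)  # oldest lines drop off when full
    for event in events:
        if evaluate(conditions, event):
            lines.append(event)
    return list(lines)

# Constructed filter and events; all names and addresses are sample values.
CONDITIONS = ("And", [
    ("Event", "UserLogonFailure"),
    ("Or", [("DestinationAccount", "Equals", "adm*"),
            ("DestinationAccount", "Contains", "svc")]),
    ("DetectionIP", "Does Not Equal", "10.0.5.*"),
])
EVENTS = [dict(zip(("Event", "DestinationAccount", "DetectionIP"), row)) for row in [
    ("UserLogonFailure", "admin", "192.0.2.10"),
    ("UserLogonFailure", "jsmith", "192.0.2.10"),
    ("UserLogonFailure", "Administrator", "10.0.5.20"),
    ("UserLogon", "admin", "192.0.2.11"),
    ("UserLogonFailure", "web-svc-01", "198.51.100.7"),
    ("UserLogonFailure", "ADM-backup", "198.51.100.7"),
]]
```

Calling `run_filter(CONDITIONS, EVENTS)` returns the events the sample filter keeps. In this model an event that lacks a field is treated as having an empty value, so a Does Not Equal condition on that field still passes.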

Last modified
16:44, 13 Mar 2017