Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Create filters for real-time monitoring in the LEM Console

Create filters for real-time monitoring in the LEM Console

Updated March 14, 2017


Users can create custom filters from the Monitor view in the LEM Console to display real-time traffic from your monitored computers and devices. Users can also use filters to view historical data by sending their Conditions to nDepth, as detailed in Sending Filters to nDepth for Historical Search.


All LEM versions


  1. Open the LEM Console and log in to LEM Manager as an administrator or auditor.
  2. Click the Monitor tab.
  3. Click the + button at the top of the Filters pane, and then select New Filter to open Filter Creation.
  4. Enter a Name and Description (optional) at the top of the Filter Creation view.
  5. To modify the number of events your filter can store in memory, edit the Lines Displayed value next to the Name field. The default value is 1000.
  6. Drag one of the following elements into the Conditions box.
    • Events: Drag a single Event into your Conditions to filter for any instance of the event you specify. This type of Condition does not require a value.
      Note: The field at the top of the Events list is a search box.
    • Event fields: Drag an Event field into your Conditions to filter for any event that contains the value you specify.
      Note: The same principles apply to Event Groups and their fields.
  7. If the Condition defined above requires a value, populate the value in one of the following ways.
    • Enter a static text value in the Text Constant field (denoted by a pencil icon).
      Note: Use asterisks (*) as wildcard characters to account for any number of characters before, within, or after your text value.
    • Drag a Group from the list pane on the left over to replace the Text Constant field. The most commonly used Groups include User Defined Groups, Connector Profiles, Directory Service Groups, and Time Of Day Sets.
    • Drag an Event field from an event already present in your Conditions over to replace the Text Constant field. This will result in a condition that states whether values from different events in your Conditions should match.
  8. If you want to change the operators in your Conditions, click the operator until you find the one you want.
    Note: There are two types of operators.
    • Condition operators: These are found between your Fields and their values. Examples include Equals, Does Not Equal, Contains, and Does Not Contain. Filter Creation only displays the operators that are available for the values in your Conditions.
    • Group operators: These are found on the outside right of your Condition Groups. The two options are And (blue) and Or (orange).
  9. Repeat Steps 6, 7, and 8 for any additional Conditions you want to configure for your filter.
  10. Add a Notification to your filter using the Notifications list on the left.
  11. If the Filter Status below the Description field contains an error or warning, click the status indicator to view additional details and address the issue.
  12. Click Save.


Last modified