Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > LEM filter does not trigger with User Defined Group condition

LEM filter does not trigger with User Defined Group condition

 

Overview

Attempting to create a filter, where a User-Defined Group is used.

For example, UserLogOff.DetectionIP = GroupTest

Where Group Test has a list of computer names to compare in the condition.

However, no events appear in the new filter.

Environment

LEM 6.3.1

Cause 

If the symbol * is missing, then the condition in the filter will not work.

Resolution

  1. As a test, create a filter that has only one of the servernames within the condition.

    Example: UserLogOff.DetectionIP = *ComputerA*

    Where ComputerA is one of the names that is in the User-Defined Group: GroupTest

    Make sure that this condition works.

  2. If the condition works, then check the column DATA in the User-Defined Group. In this case the GroupTest may only have in the data section: ComputerA. Which is not correct. The data portion should have: *ComputerA*     
  3. Edit the entries in the User-Defined Group, and add the * symbol before and after your data parameters.
  4. Save the changes to your group, and then check on the filter again. User should see that the events have started coming in.

 

Last modified

Tags

Classifications

Public