Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > LEM adding additional conditions to default filter

LEM adding additional conditions to default filter

Updated May 11th, 2016

Overview

This article provides brief information and a sample scenario on the key components to observe when modifying your filter. 

Editing an already existing filter: Software Installation/Update 

When you want to have an extra "not equal to" condition, but the modified filter does not appear to work.

 

For example:

Let's say you do not want to see any SoftwareUpdate events where the ToolAlias is equal to Vista Security.

You include this into the filter, but it does not appear to work. What's next?

 

Environment

LEM version 6.2

Cause 

The issue is caused by misconfiguration.

Resolution

Note: Pay attention to the Events and Fields that you are using.

 

In this example, we do not want to see any Software Update events with the Tool Alias equal to Vista Security.

 At the moment we tried the following:

                                                                                                                                                                                                                                        

This does not seem to work, however. 

 

A closer look:

  • We are using the event: SoftwareUpdate
  • Then, the field: ToolAlias
  • In the default condition, we already have SoftwareUpdate Event in its own group.       

Like below:                            

 

If this is the case, then we do not need to place the new condition in its own group. We should place it in the same group as the SoftwareUpdate since they both share the same event.

  1. Close (press the x) on the Group that has just the softwareupdate.toolalias not equals to Vista Security.

  2. Go back to the Events > SoftwareUpdate.

  3. Then to Fields : ToolAlias

  4. Then click on the ToolAlias and drag it over to the group section that just has SoftwareUpdate.

  5. Wait until you see a solid straight red line in the group, then drop the SoftwareUpdate.ToolAlias != Vista Security here.

     

     

In the end you will see the following:

 

-Conditions: -

Group: SoftwareInstall checkmark

Group: SoftwareUpdate checkmark & SoftwareUpdate.ToolAlias NotequalTo Vista Security

-End of conditions-

 

Like the following:

 

Click Save. 

Check under Monitor page, and this filter should then be working.

 

 

 

Last modified

Tags

Classifications

Public