


LEM filter does not trigger with User Defined Group condition

 

Overview

A filter is created whose condition compares an event field against a User-Defined Group.

For example, UserLogOff.DetectionIP = GroupTest

Where GroupTest contains a list of computer names to compare in the condition.

However, no events appear in the new filter.

Environment

LEM 6.3.1

Cause 

If the * symbol is missing from the entries in the User-Defined Group, the condition in the filter will not work.

Resolution

  1. As a test, create a filter that has only one of the server names within the condition.

    Example: UserLogOff.DetectionIP = *ComputerA*

    Where ComputerA is one of the names that is in the User-Defined Group: GroupTest

    Make sure that this condition works.

  2. If the condition works, check the DATA column in the User-Defined Group. In this case, GroupTest may have only ComputerA in the data section, which is not correct. The data portion should have: *ComputerA*
  3. Edit the entries in the User-Defined Group, and add the * symbol before and after your data parameters.
  4. Save the changes to your group, and then check the filter again. You should see that events have started coming in.
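
The effect of steps 2 and 3 can be checked offline before editing the group. The following is an added example, not SolarWinds code: it assumes the filter compares each group entry to the field value with case-insensitive glob semantics, and the DetectionIP values and the corp.example domain are constructed sample data.

```python
from fnmatch import fnmatchcase


def entry_matches(entry, value):
    """Case-insensitive glob comparison (assumed model of the filter condition)."""
    return fnmatchcase(value.lower(), entry.lower())


def wrap(entry):
    """Add a leading and trailing * to a group entry if missing (step 3)."""
    if not entry.startswith("*"):
        entry = "*" + entry
    if not entry.endswith("*"):
        entry = entry + "*"
    return entry


def audit_group(entries, sample_values):
    """For each entry, list the sample values it matches as stored and once wrapped."""
    report = {}
    for entry in entries:
        wrapped = wrap(entry)
        report[entry] = {
            "wrapped": wrapped,
            "before": [v for v in sample_values if entry_matches(entry, v)],
            "after": [v for v in sample_values if entry_matches(wrapped, v)],
        }
    return report


# Constructed stand-in for the DATA column of GroupTest.
GROUP_TEST = ["ComputerA", "*ComputerB*"]

# Constructed DetectionIP values; real values depend on the reporting agent.
SAMPLE_DETECTION_IP = [
    "computera.corp.example",
    "ComputerB.corp.example",
    "ComputerA2.corp.example",
    "ComputerC.corp.example",
]

if __name__ == "__main__":
    for entry, result in audit_group(GROUP_TEST, SAMPLE_DETECTION_IP).items():
        print(f"{entry!r} -> {result['wrapped']!r}")
        print(f"  matches as stored: {result['before']}")
        print(f"  matches wrapped:   {result['after']}")
```

In this sample the wrapped entry *ComputerA* also matches ComputerA2.corp.example, so after editing the group, review any names that are substrings of other host names.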

 
