Log View right-click filtering supports "OR", "AND", and "Replace" 7.2.3
The right-click filtering capabilities in Log View have been enhanced to support six options in total of AND, OR, and Replace as detailed below:
-
Add a filter entry with an AND condition, such as
AND event_type=traffic
-
Add a filter entry with an AND negate condition, such as
AND event_type!=traffic
-
Add a filter entry with an OR condition, such as
OR event_type=traffic
-
Add a filter entry with an OR negate condition, such as
OR event_type!=traffic
-
Replace all filters with the selected entry, such as
event_type=utm
-
Replace all filters with the selected negate, such as
event_type!=utm
If no filter is used before right-click filtering, the new filter will be added no matter which option is selected in the right-click menu. For example, see the images below. The Data Source ID
filter is added from the right-click menu.
Once there is an existing filter for Log View, you can use the right-click menu to add an AND or OR filter according to your needs. For example, see the images below. An Event Type
filter is added with an with an AND condition.
When a third filter or further filters are added with the right-click menu, brackets will also be added around the existing filters. For example, see the images below. After adding the Destination IP
filter with an OR condition, the existing Data Source ID
and Event Type
filters are automatically surrounded by brackets.
You can use the Replace options in the right-click menu to replace all the current filters. For example, see the images below. The existing filters are replaced with an Event Severity
filter.