Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating an Event Viewer Filter Using Advanced Filter Options

    To create an Event Viewer filter:

    1. Select Security Director > Event Viewer.

      The Event Viewer filter management tabular view is displayed.

      The Event Viewer page is divided into the following sections:

      • Filter options
      • Event view
      • Event details
    2. Click the plus sign (+) next to the Filter By option.

      The filter keys available are displayed alphabetically in a drop-down list.

    3. Type the exact key in the filter text field, or select the key from the drop-down key list.

      The key appears in the filter bar. While typing in the values, you are prompted with suggestions in the drop-down whenever possible.

      For example: EventName =

    4. Continue to add filter expressions <key> space <operator> space <value>.

      The key appears, along with the value combination in the filter bar.

      For example: EventName = LOGIN_FAILED

    5. Repeat the Steps 3 and 4 to add additional filter expressions.

      The available filter keys are displayed alphabetically in the drop-down list.

      Example of filter expression: EventName = LOGIN_FAILED AND SrcIP =

    6. Type in the required IP address.

      For example: EventName = LOGIN_FAILED SrcIP =

      The term operator AND is included in the filter bar automatically.

      For example: EventName = LOGIN_FAILED AND SrcIP =

    7. Click Filter or press Enter.

      The event logs for EventName = LOGIN_FAILED AND SrcIP = are displayed.

    Note: The filters that you have typed will appear in the filter history until the next session.

    Published: 2014-04-30