Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Creating Filters

Filters are used to search logs and view information about filter condition, time, or fields in the logs. You can configure basic and advanced filters to match the filtering conditions. You can either load existing filters or define a new filter. A filter allows you to enter specific information that must be displayed on the Event Viewer page; for example, the columns in the Event Viewer table, the time range, and the aggregation point. When you change an existing filter or create a new filter, the Event Viewer table is updated automatically. If filters contain time details, the time range in Event Viewer is updated with the time specified in the filter.

Filters provide:

Procedure

To create an Event Viewer filter:

  1. Select Monitor > Events & Logs.
  2. Click Detail View.
  3. Click the filter text field.

    The filter keys available are displayed alphabetically in a drop-down list.

  4. Type the exact key in the filter text field, or select the key from the drop-down key list.

    The key appears in the filter bar. While typing in the values, you are prompted with suggestions in the drop-down list whenever possible.

    For example: EventName =

  5. Continue to add filter expressions <key>space <operator> space <value>.

    The key appears, along with the value combination in the filter bar.

    For example: EventName = LOGIN_FAILED

  6. Repeat the Step 4 and Step 5 to add additional filter expressions. Press Enter to provide AND operator and comma for OR operator.

    The available filter keys are displayed alphabetically in the drop-down list.

    For example: EventName = LOGIN_FAILED AND SrcIP =

  7. Type in the required IP address.

    For example: EventName = LOGIN_FAILED AND SrcIP = 192.168.45.350

    The term operator AND/OR is displayed in the filter bar to add a different key. Starting in Junos Space Security Director Release 16.1, the term operator OR is displayed.

  8. Click Save > Save Filter.
  9. Click OK.

    The event logs for EventName = LOGIN_FAILED AND SrcIP = 192.168.45.350 are displayed.

For examples on event log filters, see Advanced Search section in Events and Logs Overview.

Note: The filters that you have typed will appear in the filter history until the next session.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit