
Creating Filters

Use filters to search logs and to view information based on filter conditions, time, or fields in the logs. You can configure basic and advanced filters to match the filtering conditions, and you can either load an existing filter or define a new one. A filter lets you specify the information that must be displayed on the Event Viewer page; for example, the columns in the Event Viewer table, the time range, and the aggregation point. When you change an existing filter or create a new filter, the Event Viewer table is updated automatically. If a filter contains time details, the time range in Event Viewer is updated to the time specified in the filter.

Filters provide:

Procedure

To create an Event Viewer filter:

  1. Select Monitor > Events & Logs.
  2. Click Detail View.
  3. Click the filter text field.

    The filter keys available are displayed alphabetically in a drop-down list.

  4. Type the exact key in the filter text field, or select the key from the drop-down key list.

    The key appears in the filter bar. While typing in the values, you are prompted with suggestions in the drop-down list whenever possible.

    In the search text box, an icon displays the example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.

    For example: EventName =

  5. Continue to add filter expressions in the form <key> space <operator> space <value>.

    The key appears, along with the value combination in the filter bar.

    For example: EventName = LOGIN_FAILED

  6. Repeat Step 4 and Step 5 to add additional filter expressions. Press Enter to insert the AND operator, or type a comma to insert the OR operator.

    The available filter keys are displayed alphabetically in the drop-down list.

    For example: EventName = LOGIN_FAILED AND SrcIP =

  7. Type in the required IP address.

    For example: EventName = LOGIN_FAILED AND SrcIP = 192.168.45.350

    The term operator AND/OR is displayed in the filter bar to add a different key. Starting in Junos Space Security Director Release 16.1, the term operator OR is displayed.

  8. Click Save > Save Filter.
  9. Enter the filter name.
  10. Click OK.

    The event logs for EventName = LOGIN_FAILED AND SrcIP = 192.168.45.350 are displayed.

Starting in Junos Space Security Director Release 18.4R1, you can perform complex filtering using AND and OR logical operators and brackets to group the search tokens.

For example: (Name = one and id = 11) or (Name = two and id = 12)
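An added example, not Security Director code: a small Python evaluator for the bracketed filter syntax above, run against constructed sample events so you can check offline which records a grouped expression selects. It supports only the = operator, and treating AND as binding tighter than OR outside brackets is an assumption, not documented product behavior.

```python
import re
def compile_filter(text):
    """Compile '<key> = <value>' terms joined by AND/OR and brackets into a predicate."""
    tokens = re.findall(r"\(|\)|=|[^\s()=]+", text)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("filter ends unexpectedly")
        pos += 1
        return tokens[pos - 1]

    def term():
        tok = take()
        if tok == "(":
            inner = or_expr()
            if take() != ")":
                raise ValueError("missing closing bracket")
            return inner
        if tok in (")", "=") or take() != "=":
            raise ValueError(f"expected '<key> = <value>' near {tok!r}")
        value = take()
        # Compare as strings so that id = 11 matches a numeric field.
        return lambda event: tok in event and str(event[tok]) == value

    def chain(operand, word, combine):
        left = operand()
        while (peek() or "").upper() == word:
            take()
            left = combine(left, operand())
        return left

    def and_expr():  # assumption: AND binds tighter than OR outside brackets
        return chain(term, "AND", lambda a, b: lambda e: a(e) and b(e))
    def or_expr():
        return chain(and_expr, "OR", lambda a, b: lambda e: a(e) or b(e))

    predicate = or_expr()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return predicate

# Constructed sample events, not real Security Director log output.
EVENTS = [{"Name": "one", "id": 11}, {"Name": "one", "id": 12}, {"Name": "two", "id": 12}]
def matching(text):
    return [e for e in EVENTS if compile_filter(text)(e)]
```

An incomplete expression such as `EventName =` or an unbalanced bracket raises `ValueError` instead of silently matching nothing.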

For examples of event log filters, see the Advanced Search section in Events and Logs Overview.

Note: The filters that you have typed appear in the filter history until the next session.
