Creating Filters
Filters are used to search logs and display the events that match a filter condition, a time range, or specific log fields. You can configure basic and advanced filters to express the matching conditions, and you can either load an existing filter or define a new one. A filter specifies what is displayed on the Event Viewer page; for example, the columns in the Event Viewer table, the time range, and the aggregation point. When you change an existing filter or create a new filter, the Event Viewer table is updated automatically. If a filter includes time details, the time range in Event Viewer is updated to the time specified in the filter.
Filters provide:
Quick access to critical information—If you are a firewall administrator, you might need to regularly deny traffic from a specific application or a specific set of addresses, or to allow or deny specific application access for some users. To do this, you define the search criteria, scan the firewall logs that match those criteria, and display the matching logs.
Filter sharing among users—Other users in your domain can use the filters you create without modifying or deleting the filters.
Filter usage across multiple functional areas—Filters can be used across multiple functional areas such as the Event Viewer, dashboard, alerts, and reports.
Starting in Junos Space Security Director Release 19.2R1, in addition to manual keyword search, you can drag and drop the values of non-empty cells in the grid into the Event Viewer search bar. The value is added as a search criterion and the matching results are displayed. Only searchable cells can be dragged: when you hover over a row in Event Viewer, searchable cells are shown with a blue background, and the background of a cell that is not searchable does not change. A searchable cell that is empty or whose value is '–' cannot be dropped. If the search bar already contains a search criterion, each subsequently dropped criterion is prefixed with AND. After you drop a value into the search bar, the grid is refreshed with the new search condition. This applies to both simple and complex search filters.
To create an Event Viewer filter:
Starting in Junos Space Security Director Release 18.4R1, you can build complex filters by combining search tokens with the AND and OR logical operators and grouping them with brackets.
For example: (Name = one and id = 11) or (Name = two and id = 12)
For examples on event log filters, see Advanced Search section in Events and Logs Overview.
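To make the evaluation of such an expression concrete, the following is an added example and not Security Director code: a small Python evaluator that parses a filter of the form shown above and applies it to constructed sample events, plus a helper that mimics the drag-and-drop rule for the search bar (empty or '–' cells are not dropped; a criterion dropped into a non-empty bar is prefixed with AND). The grammar (field = value comparisons joined by and/or, brackets for grouping, and binding tighter than or), the case-insensitive operators, and the sample event fields (id, Name, action) are assumptions drawn from the page's single example, not the product's documented syntax.

```python
import re

# Constructed sample events for the example; not real Security Director log data.
SAMPLE_EVENTS = [
    {"id": "11", "Name": "one", "action": "DENY"},
    {"id": "12", "Name": "two", "action": "PERMIT"},
    {"id": "13", "Name": "one", "action": "DENY"},
    {"id": "14", "Name": "two", "action": "DENY"},
]

# Tokens: brackets, '=', and bare words (field names and values).
_TOKEN = re.compile(r"\(|\)|=|[^\s()=]+")


def tokenize(text):
    return _TOKEN.findall(text)


class FilterParser:
    """Recursive-descent parser for the assumed filter grammar:
        expr   := term ("or" term)*
        term   := factor ("and" factor)*
        factor := "(" expr ")" | FIELD "=" VALUE
    'and' binds tighter than 'or', so brackets are what change the grouping."""

    def __init__(self, text):
        self.tokens = tokenize(text)
        self.pos = 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        self.pos += 1
        return tok

    def parse(self):
        tree = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return tree

    def expr(self):
        node = self.term()
        while self.peek() is not None and self.peek().lower() == "or":
            self.take()
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while self.peek() is not None and self.peek().lower() == "and":
            self.take()
            node = ("and", node, self.factor())
        return node

    def factor(self):
        if self.peek() == "(":
            self.take("(")
            node = self.expr()
            self.take(")")  # an unbalanced bracket raises ValueError here
            return node
        field = self.take()
        self.take("=")
        value = self.take()
        return ("eq", field, value)


def evaluate(node, event):
    """Evaluate a parsed tree against one event (a dict of field -> value)."""
    kind = node[0]
    if kind == "eq":
        return str(event.get(node[1], "")) == node[2]
    left, right = evaluate(node[1], event), evaluate(node[2], event)
    return (left and right) if kind == "and" else (left or right)


def matching_ids(filter_text, events=SAMPLE_EVENTS):
    """Return the ids of the events that satisfy the filter expression."""
    tree = FilterParser(filter_text).parse()
    return [e["id"] for e in events if evaluate(tree, e)]


def add_dropped_cell(search_bar, field, value):
    """Drag-and-drop rule from the page (field name and cell value assumed to
    form a 'field = value' criterion): an empty or '–' cell is not dropped, and
    a criterion dropped into a non-empty bar is joined with AND."""
    if value is None or str(value).strip() in ("", "–"):
        return search_bar
    criterion = f"{field} = {value}"
    return f"{search_bar} AND {criterion}" if search_bar else criterion


if __name__ == "__main__":
    print(matching_ids("(Name = one and id = 11) or (Name = two and id = 12)"))
    print(matching_ids("Name = one and id = 11 or Name = two"))
    print(matching_ids("Name = one and (id = 11 or Name = two)"))
    bar = add_dropped_cell(add_dropped_cell("", "action", "DENY"), "Name", "one")
    print(bar, matching_ids(bar))
```

The second and third expressions differ only in where the brackets sit, and they return different event sets; that is the point of the bracket support described above, and a useful sanity check before saving a filter that other users in the domain will reuse.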
The filters that you have typed appear in the filter history until the next session.