Filter

 

In the audit log view it is possible to filter the logs returned, if you are interested in a specific event, time frame, user etc. 


Filter can be constructed in two different ways and they can be edited afterwards:

  • Include and Exclude values
  • Create new filter


Include and Exclude desired values

When you hover your mouse cursor over a value in a log line, two buttons are shown next to the value: , clicking the button will create an include filter for the selected value, meaning only the log lines where the field matches the value you included will be shown. Similarly if you click the button you will create and exclude filter, meaning only the log lines where field does not match the selected value will be returned.

Note: Include and Exclude filters work differently when selecting them for the "Timestamp" field. In case of a Timestamps button means After, meaning only the log lines that were created after the selected time stamp will be returned. Similarly button means Before.

Multiple include and exclude filters can be stacked. Only the log lines that satisfy all conditions will be returned.


Add New Filter

Click the "Add New Filter" button to manually add a new filter. Add Filter prompt will be displayed where you can configure and add a new filter.

You can create filter for the following fields: Event, Timestamp, IP Address, User-Agent, User. The logical operators you can use are:

  • starts with / not starts with, which create include/exclude filter for the prefix value
    • e.g. "Event starts with user" filter will match: "user created", "user setting changed"... log lines
    • e.g. "Event not starts with user" will match loglines where event doesn't start with "user": "domain setting changed"...
  • before / after / between, which are only applicable with Timestamp field and allow you to define the time range of log lines returned

When you create a filter click "Save" to apply it.


Multiple include and exclude filters can be stacked. Only the log lines that satisfy all conditions will be returned.


Edit Existing Filter

When you hover your cursor over an existing filter, new icons will appear, allowing you to quickly edit or interact with the existing filer: 

  • Edit - Add/remove prefix strings or edit the existing one.
  • Toggle - Toggle the filter on or off. If you toggle the filter Off, the filter remains saved, but it does not take effect until you toggle it back On.
  • Invert - Invert the filter, Include filter will become Exclude filter and vice versa. In case of Timestamp related filter, the After filter will become Before and vice versa.
  • Remove - Delete the filter.

Was this article helpful?