Hi guys,
I'm trying to filter more than one event ID on the dashboard but i'm having problems with the syntax.
I tried adding multiple filter tabs but that hasn't worked nor has what I've done below. I'm still only getting eventID 5004.
Filtering more than one eventID on Dashboard
-
james.liew
- Posts: 59
- Joined: Wed Feb 22, 2017 1:30 am
Filtering more than one eventID on Dashboard
You do not have the required permissions to view the files attached to this post.
Re: Filtering more than one eventID on Dashboard
You have access to some boolean operators in both the search bar and your filters. OR might be a useful one for this use case:
Here's a good overview of the Lucene syntax, which is used extensively throughout Elasticsearch and can help you write some very granular searches:
http://www.lucenetutorial.com/lucene-query-syntax.html
Here's a good overview of the Lucene syntax, which is used extensively throughout Elasticsearch and can help you write some very granular searches:
http://www.lucenetutorial.com/lucene-query-syntax.html
You do not have the required permissions to view the files attached to this post.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/