Create Log Filters
Table of Contents
Create Log Filters
Specify the logs that you want to forward based on log
type and attributes.
- Start creating a Syslog or email forwarding profile.
- UnderFilters, selectAdd.
- Select a log type.
- Enter a query that describes the type of logs you want to forward, or select one of the predefined filters.See the Explore guide to learn more about queries and using the query builder to help you write them.
A green check mark indicates that the query is valid, and pressing enter or clicking the arrow should generate results that match the query. A red X means that the query is invalid and you will be unable to submit it.
- (Optional) Customize how the field columns appear.
- Hover over any column header and select the hamburger icon to choose the columns that you want to see.
Hiding a column hides the corresponding field in the Syslog message of the logs forwarded through the filter. - Change column order by clicking anywhere on a column header and dragging to the left or right.
Rearranging columns changes the order of the fields in the Syslog message of the logs forwarded through the filter. For example, if you moveRULEto the left ofAPPLICATION, theRulefield will appear before theApplicationfield in the Syslog message. - Change column width by clicking in between column headers and dragging to the left or right.
- Saveyour filter.