Create Log Filters

Specify the logs that you want to forward based on log type and attributes.
When you’re first setting up log forwarding to a Syslog or an email server, you must specify which logs to forward by using log filters. Log filters use the same query language as Explore to enable you to finely select which logs Cortex Data Lake will forward to the destination of your choice.
  1. Start creating a Syslog or email forwarding profile.
  2. Under Filters, select Add.
  3. Select a log type.
  4. Enter a query that describes the type of logs you want to forward, or select one of the predefined filters.
    See the Explore guide to learn more about queries and using the query builder to help you write them.
    A green check mark indicates that the query is valid, and pressing Enter or clicking the arrow should generate results that match the query. A red X means that the query is invalid and you will be unable to submit it.
  5. (Optional) Customize how the field columns appear.
    • Hover over any column header and select the hamburger icon to choose the columns that you want to see.
      Hiding a column hides the corresponding field in the Syslog message of the logs forwarded through the filter.
    • Change column order by clicking anywhere on a column header and dragging to the left or right.
      Rearranging columns changes the order of the fields in the Syslog message of the logs forwarded through the filter. For example, if you move RULE to the left of APPLICATION, the Rule field will appear before the Application field in the Syslog message.
    • Change column width by clicking in between column headers and dragging to the left or right.
  6. Save your filter.
