Manual Chapter : Managing Log Filters
Applies To:
BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0
Managing Log Filters
Create a new log filter
You can create new filters to better manage the events in your logs. The filters are based on a fixed set of query parameters, with an option to manually enter all available parameters into a query expression. For more details about the required syntax, see Query expression syntax for log filters.
- From the log screen, click the filter icon at the top right of the screen.
- Click Create. The New Filter configuration popup screen opens.
- Type a unique Filter Name.
- In the Query Parameters area, add the query information. Adding information to these fields automatically populates the Query Expression box. Refer to the Query expression syntax for log filters to view all query options.
- Once you have the custom filter the way you want it, click Save & Apply.
The new filter is added to the filter list. You can select this filter later to query the list according to the set parameters.
Query expression syntax for log filters
On the New Filter configuration popup screen, the Query Expression area for creating a new log filter requires specific syntax. To manually run query parameters, use the syntax requirements listed here.
- Express elements of the filter query as key value pairs, separated by a colon, such as profile_name:"MyCurrentProfile".
- Use the following operators within a filter query.

  | Operator | Usage Example |
  | --- | --- |
  | AND | This:p1 AND bar:(A AND B AND "another value") |
  | AND NOT | AND NOT qux:error |
  | OR | name:"this is a name" OR bar:(A OR B OR C) |
  | OR NOT | OR NOT qux:error |
  | * | support_id:*123*. This operator can only be used for text fields. |

- Enclose values that have spaces within quotation marks, such as key:"two words".
- Query any field for more than one value by enclosing the values with parentheses, such as key:(a b "two words"). In this case, the default operator is OR.
- Only pre-defined values are allowed for fields with a type of multi-value. These values are listed in the Query Parameters area, next to the relevant field.
- In a policy name, you must include the full path to the policy, such as /Common/MyPolicy.
- Values with a type of date can accept valid date formats, such as 'Oct 30, 2017 00:00:00'.
- Values of the date range type can accept input in the format of [min_date...max_date], such as '[Oct 30, 2017 00:00:00...Oct 30, 2017 06:00:00]'. The date range might also contain only minimum without maximum, and the reverse, such as '[Oct 30, 2017 00:00:00...]' or '[...Oct 30, 2017 00:00:00]'.
- Values of the numeric range type can accept input in the format of [min...max], such as '[1...100]'. The numeric range might also contain only minimum without maximum, and the reverse, such as '[1...]' or '[...100]'.
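The syntax rules above, applied by a small expression builder. This is an added example, not F5 code and not part of BIG-IQ; it produces text to paste into the Query Expression box. The function names are hypothetical, and refusing quote, parenthesis, bracket and asterisk characters in values is an assumption made here because the page defines no escaping.

```python
import re

OPERATORS = ("AND", "AND NOT", "OR", "OR NOT")  # operators listed on the page

def _key(key):
    # Assumption: field keys are plain identifiers, like profile_name or support_id.
    if not re.fullmatch(r"\w+", key):
        raise ValueError(f"bad field key: {key!r}")
    return key

def _value(value):
    # The page defines no escaping, so characters that carry syntax are refused
    # (assumption) instead of being passed through into the expression.
    text = str(value)
    if not text or re.search(r"[\"'()\[\]*]", text) or text.upper() in ("AND", "OR", "NOT"):
        raise ValueError(f"unsupported value: {text!r}")
    return f'"{text}"' if re.search(r"\s", text) else text  # quote values with spaces

def term(key, value):
    return f"{_key(key)}:{_value(value)}"

def any_of(key, values):
    # key:(a b "two words"); inside the parentheses the default operator is OR
    return f"{_key(key)}:({' '.join(_value(v) for v in values)})"

def contains(key, fragment):
    # Wildcard match; the page allows * on text fields only (caller must ensure that).
    # Assumption: a wildcard fragment is a single token without spaces.
    if re.search(r"\s", str(fragment)):
        raise ValueError("wildcard fragment must not contain spaces")
    return f"{_key(key)}:*{_value(fragment)}*"

def span(key, low=None, high=None):
    # Date or numeric range written as on the page: '[min...max]', one bound optional
    bounds = ["" if b is None else str(b) for b in (low, high)]
    if not any(bounds) or any(re.search(r"[\[\]']|\.\.\.", b) for b in bounds):
        raise ValueError("invalid range bounds")
    return f"{_key(key)}:'[{bounds[0]}...{bounds[1]}]'"

def policy(key, path):
    # Policy names must carry the full path, such as /Common/MyPolicy
    if not re.fullmatch(r"(/[^/\s]+){2,}", str(path)):
        raise ValueError(f"policy needs its full path: {path!r}")
    return term(key, path)

def combine(operator, *parts):
    if operator not in OPERATORS or len(parts) < 2:
        raise ValueError("unknown operator or too few parts")
    return f" {operator} ".join(parts)
```

The field key passed to `span` and `policy` must be one of the keys shown in the Query Parameters area; the page does not list them, so none is hard-coded here.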