Comma Separated Values (Event Log Filters only)
You can separate multiple values with commas to avoid creating multiple filters. Combine all the values the field should match into one comma-separated string, and make sure there is no space before or after any comma. For example:
Print,MrxSmb
Supported by all fields in the "Details" section.
Negation Symbol (Event Log Filters only)
You can negate a value by prepending an exclamation mark to it. For example, to match all events except those with the source Print, you could use the following:
!Print
or
!*Print*
Do not combine regular values (values without the negation character) and values with a negation character (e.g. "!Print,MrxSmb" is not supported).
Wildcards
The wildcards * and ? are supported.
* | matches zero or more occurrences of any character
? | matches one occurrence of any character
Note: Filter strings, whether they contain wildcards or not, are never case sensitive.
Examples
Filter with wildcard | Matches string
ipx* | IPXCP IPXRIP IPXRouterManager IPXSAP
*iptables*proto=??p*dpt=13* | syslog@netikus-router[kern.debug]: kernel: IPTABLES INPUT: IN=ppp0 OUT= MAC= SRC=65.35.223.155 DST=65.41.63.146 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54221 DF PROTO=TCP SPT=1429 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
VMnet* | VMnetAdapter VMnetBridge VMnetDHCP VMnetuserif
*rip* | IPRIP2 IPXRIP
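The rules above (comma lists, negation, wildcards, case insensitivity) can be checked offline before a filter is deployed. The following Python model is an added example, not the product's own code. The names parse_filter and filter_matches are hypothetical, and it assumes that a value must match the whole field, that a list in which every value is negated matches only when none of its values match, and that values with a space next to a comma are rejected.

```python
import re

def _to_regex(value):
    """Translate one filter value: * = any run of characters, ? = exactly one."""
    out = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                  for c in value)
    # Filter strings are never case sensitive.
    return re.compile(out, re.IGNORECASE | re.DOTALL)

def parse_filter(spec):
    """Return (negated, patterns); raise ValueError for an unsupported filter."""
    values = spec.split(",")
    if any(v != v.strip() for v in values):
        raise ValueError("space before or after a comma")
    negated = [v.startswith("!") for v in values]
    if any(negated) and not all(negated):
        raise ValueError("regular and negated values cannot be combined")
    bodies = [v[1:] if v.startswith("!") else v for v in values]
    if any(b == "" for b in bodies):
        raise ValueError("empty value")
    return all(negated), [_to_regex(b) for b in bodies]

def filter_matches(spec, field):
    """Assumption: whole-field match; a negated filter matches when no value hits."""
    negate, patterns = parse_filter(spec)
    hit = any(p.fullmatch(field) for p in patterns)
    return not hit if negate else hit

# Sample line taken from the Examples table on this page.
SYSLOG_LINE = ("syslog@netikus-router[kern.debug]: kernel: IPTABLES INPUT: IN=ppp0 "
               "OUT= MAC= SRC=65.35.223.155 DST=65.41.63.146 LEN=48 TOS=0x00 "
               "PREC=0x00 TTL=114 ID=54221 DF PROTO=TCP SPT=1429 DPT=135 "
               "WINDOW=64240 RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    print(filter_matches("Print,MrxSmb", "mrxsmb"))          # comma list, any case
    print(filter_matches("!*Print*", "PrintSpooler"))        # negated wildcard
    print(filter_matches("*iptables*proto=??p*dpt=13*", SYSLOG_LINE))
    try:
        parse_filter("!Print,MrxSmb")                        # mixed list
    except ValueError as err:
        print("rejected:", err)
```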