About advanced search filters

Article:HOWTO64048  |  Created: 2011-12-20  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO64048
Article Type
How To


About advanced search filters

The ability to perform advanced searches using alert filters is new with Symantec Management Platform 7.1.You can use this built-in search function to help you manage alerts. The advanced filtering function is available from the main Event Console window, which you access from Symantec Management Console under Manage > Events and Alerts.

See About alert management.

In the main Event Console window, you click the magnifying glass next to the Search field and the Advanced Search pane opens. In the Advanced Search pane, you can choose from a predefined list of search criteria or type your own criteria. You can add other rules to an advanced search to further customize it.

See Filtering alerts.

See Creating advanced search filters.

The following advanced search tools let you narrow the list of filters to manage:

  • Three drop-down lists from which you select subsets of alerts

    In the first drop-down list you can enter or select a search type.

    Search types include the following:

    • Category

    • Count

    • Description

    • First occurred

    • Host

    • Last occurred

    • Severity

    • State

    In the second drop-down list you can enter or select a search operator.

    The search type that you select from the first drop-down list determines the search operators that appear in the second drop-down list.

    Some or all of the following search operators appear in the second drop-down list:

    • Equals

    • Not equals

    • Contains

    • Less than

    • Greater than

    In the third drop-down list, enter or select additional search criteria to apply to the selected search type that uses the selected search operator.

    After you select or enter a search type and one or more search operators, additional search criteria appear in the third drop-down list.

    For example, if you enter or select count > greater than in the first two drop-down lists, you can select a value. You can select a value such as 5 to view only those alerts that have occurred more than five times. Or, if you selected Host > equals from the first two drop-down lists, then you can select from a list of computers.

  • An Add Rule option that lets you access a drop-down list and add the following operators to your search:

    • AND

    • OR

    • NOT

  • A color-coded, left-click status progress bar above the Advanced Search pane. This control lets you filter alerts by severity level. After you filter by severity level, you may have to select Exclude Informational Alerts or Monitor Alerts Only to see the complete list of alerts again.

    See About Event Console alert filters.

An advanced search lets you view the same types of information that you can view about all alerts:

See Viewing alerts.

When you click any alert, you can manage it by changing the state. Click any flag in the State column to view details about an alert, acknowledge the alert, resolve it, or perform another action. These actions are accessible from the Actions drop-down list above the Advanced Search pane.

Legacy ID


Article URL http://www.symantec.com/docs/HOWTO64048

Terms of use for this information are found in Legal Notices