Versions Compared

Old Version 10

changes.mady.by.user Borja Moro Moreno

Saved on

compared with

New Version 11

changes.mady.by.user Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rw ui steps macro
Rw step

Select the Filter icon in the search window toolbar. The Operations over columns window appears with the Filter tab selected.

Image Modified
Rw step

Choose the required filter type in the Operation dropdown list. For a detailed list of available operations in Devo, check Operations reference.

You can click the icon next to the dropdown menu to filter the list of operations as required:

  • Operation type - Choose Normal if you want to display the values filtered, or Negated if you want to exclude the values filtered by the operation selected.

  • Operation category - Filter only Standard operations (default operations in Devo), Custom operations (operations defined by lookups), or All.

  • Sensitivity - Some operations have a case sensitive and a case insensitive version, for example, Contains - case insensitive (weakhas) and Contains (has, ->). Use these options to display only the sensitive or insensitive versions of these operations, or choose all to show both versions. Operations that don't have a sensitive and insensitive version will be visible regardless of the option selected. You can select the default option in your User preferences, and Admin users can do the same for all the users in the domain in their Domain preferences.

Rw step

Select the Arguments of the selected filter operation by clicking the Add argument button. Depending on the filter type selected, you will be prompted to select a set of specific arguments. 

You can select columns or also enter free text by clicking the icon shown below, as is sometimes required for an operation. For example, you might filter for URLs that contain the string bing

Additionally, you can include nested operations to modify the results of the column values or results of the main filter operation selected. Learn more about nested operations in Build a query in the search window.

Rw step

Click Filter when you're done. The data table will only show those events that meet the conditions of the filter applied.

...

Rw ui textbox macro
typeinfo

Unnamed columns

This filter option is not available for unnamed columns with literals or expressions. See the examples below:

Code Block
from siem.logtrust.web.activity
select responseTime*2
from siem.logtrust.web.activity
select 5
select "hello"

...