Filter Event Sources

Note: For NetWitness 11.3.1, this functionality has been deprecated: use the ADMIN > Event Sources > Discovery view to filter event sources in. For details, see the NetWitness Event Source Management Guide.

In ADMIN > Health & Wellness > Event Source Monitoring, you can choose a filter to display the following types of events:

  • Events belonging to a particular event source
  • Events belonging to particular event source types
  • Events collected from a particular log Collector
  • Events list arranged in an order based on the Event Source Type, Log Collector, Log Decoder or Last Event Time

To filter the list of event sources:

  1. Go to ADMIN > Health & Wellness.
  2. Select Event Source Monitoring.

    The Event Source Monitoring tab is displayed.

    netwitness_evsrcmontab-nolabels.png

  3. Filter the list in one of the following ways:

    • To view the events generated by a particular event source, type the required event source in the Event Source field. Select Regex to enable Regex filter and click Apply. It performs a regular expression search against text and lists out the specified category. This field also supports the use of wildcard characters.

      All events generated by the Event Source specified are displayed.

    • To view events collected from a particular Log Collector, select a Log Collector from the drop-down list and click Apply.

      A list of all events being collected from the specified Log Collector from various event sources is displayed.

Note: You can also choose the following filters:
- To view events belonging to an event source type, select the event source type and click Apply.
- To view events received in a specified time frame, select the required time frame and click Apply. You can further filter the query results to contain only event sources that logs have been received from within the selected time, or query results to contain only event sources that logs have not been received from within the selected time.