Global filters are classified as Public Filters. Global filters are processed at the Collector Manager sequentially for each event until a match is found. Global filter evaluation stops for that event and the matched global filter action is taken for that event. The order of evaluation of global filters is top to bottom, as shown in the Console. They can be enabled or disabled as needed.
Global filters do the following:
Enable a global action on events, such dropping events, routing events to the database only or routing events to the database and the Sentinel Control Center or Routing events only to GUI or Sentinel Control Center
Are processed by Collector Manager
Are configured in the Admin tab under the Global Filter Configuration option where they can be enabled and disabled
Drop events
Can route events to the database only
Can route events to the database and to the Sentinel Control Center
Can route events only to Sentinel Control Center
Through the Global Configuration window, you can:
Create Global Filter
Rearrange a Global Filter
Delete a Global Filter