The Filters feature in Sentinel allows you to customize the event search and prevent data overload. This feature provides a Filter Builder that helps you build search queries ranging from simple to complex. You can save a search query as a filter and reuse it as required, so you can perform a search by selecting the filter rather than specifying the query manually every time.
You can reuse filters while using or configuring Sentinel features, such as:
Configuring Data Synchronization. For more information, see Configuring Data Synchronization
in the NetIQ Sentinel 7.0.1 Administration Guide.
Configuring a Data Retention policy. For more information, see Configuring Data Retention Policies
in the NetIQ Sentinel 7.0.1 Administration Guide.
Configuring the data visibility settings for a role. For more information, see Creating a Role
in the NetIQ Sentinel 7.0.1 Administration Guide.
Creating dashboards. For more information, see Section 5.2, Creating a Dashboard
Configuring event routing rules. For more information, see Configuring Event Routing Rules
in the NetIQ Sentinel 7.0.1 Administration Guide.
Viewing real-time events in Active Views. For more information, see Section 10.0, Viewing Events.
Sentinel provides a list of filters by default. You can also create your own filters.