Forum Discussion
11 years ago
That works for a single filter but what happens when I have to do multiple. Lets say I want to filter out Event ID 123 from source ABC and event id 456 from source DEF and event id 789 from source HIJ. If I created the to rules you specified:
EVENTID NoMATCH 123|456|789
EVENTSOURCE NoMatch ABC|DEF|HIJ
I have in affect filtered out event id 123 and event ID 456 and event ID 789 from all three sources ABC, DEF, and HIJ.
Now what happens if EVENTSOURCE DEF has an event 123 that is critical?
Related Content
- 2 years agoAnonymous