Skip to content

Logical Operators Guide


Description

  1. Filters after keywords or expressions using the logical operators AND, OR, NOT:

Alt text

  1. Additional filters and combining method are available in the vertical tabs (Additional filters) and (Combining method):

Alt text

Logical comparators and their use:

In the additional filter field both simple and complex filters can be added with the help of logical operators AND, OR and NOT, for example for a search that results only certain users and a category (ex: Logoff) a complex filter can be created like this:

Logical AND (&&):

(UserName:" Administrator ") AND (Category:" Logoff ") Alt text as shown, on "UserName" appears "Administrator" and on "Category" appears "Logoff"

Also in the case that we're searching for a user event that doesn't include "Log Off" category a complex filter can be created like this:

Logical NOT (!):

(UserName:" Administrator ") NOT (Category: " Logoff ") Alt text as shown, on "UserName" appears "Administrator" and on "Category" does not appear "Logoff"

Logical OR (||):

(UserName:"Administrator") OR (Category:"Logoff") Alt text as shown, on "UserName" appears "Administrator" and on "Category" appears "Logoff"

_exists_:

EventID:4624 AND _exists_:UserName Alt text as shown, appears EventID:4624 and UserName

_missing_:

EventID:4624 AND _missing_:UserName Alt text as shown, appears EventID:4624 but not UserName

X TO Y:

EventID:[826001 TO 826016] Alt text as shown, appears starting with 826001, 826001 ... and ending with 826016