Filters are used throughout ELM for Event collection, Views, Archiving and Notifications.
Filter types:
Include - This filter specifies which events are collected, shown in a view or archived.
Exclude - This filter excludes events from being collected, viewed or archived.
Correlation - These filters correlate one event against another event and are used in Correlation views only.
Criteria:
The default for all of the fields is *, which means match ALL. Wild-cards are supported in these fields: ? - match one character, | - OR, & - AND the following, ! - NOT (exclude this).
Monitoring Categories - These are user defined categories for organizing servers.
Event Type - Type of event: Error, Warning, Informational, Success, Failure, Critical, Verbose
Computer - Server or computer name
Log - Windows Event log: Application, Security, etc.
User - This is the same user field used in a standard Windows event
Source - Event source
Event ID - Event ID
Task Category - Event Task Category
Message - Text contained in the event message field. If using this field, be sure to use wild-cards to search for a string within the message field.
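
The criteria above can be modelled in a few lines to see how a filter set behaves before it is deployed. This is an added example, not ELM's own code: the precedence of | over &, case-insensitive matching, and Exclude taking priority over Include are assumptions, and the events are constructed samples.

```python
import re

FIELDS = ("event_type", "computer", "log", "user", "source", "event_id", "message")

def term_matches(term, value):
    """One term: * matches any run of characters, ? exactly one; leading ! negates."""
    negate = term.startswith("!")
    body = term[1:] if negate else term
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in body)
    # Case-insensitive matching is an assumption, not documented behaviour.
    hit = re.fullmatch(rx, value, re.IGNORECASE | re.DOTALL) is not None
    return hit != negate

def field_matches(expr, value):
    """Assumed precedence: | separates alternatives, & joins terms that must all hold."""
    return any(all(term_matches(t.strip(), value) for t in alt.split("&"))
               for alt in expr.split("|"))

def filter_matches(criteria, event):
    """Every field must match; a field left out of the criteria defaults to *."""
    return all(field_matches(criteria.get(f, "*"), str(event[f])) for f in FIELDS)

def select(events, include, exclude):
    """Assumed combination: matched by any Include filter and by no Exclude filter."""
    return [e for e in events
            if any(filter_matches(f, e) for f in include)
            and not any(filter_matches(f, e) for f in exclude)]

def make_event(event_type, computer, event_id, message):
    # Constructed sample events, all from the Security log.
    return {"event_type": event_type, "computer": computer, "log": "Security",
            "user": "N/A", "source": "Microsoft-Windows-Security-Auditing",
            "event_id": event_id, "message": message}

EVENTS = [
    make_event("Failure", "DC01", 4625, "An account failed to log on. Account Name: svc_backup"),
    make_event("Failure", "DC02", 4625, "An account failed to log on. Account Name: jsmith"),
    make_event("Success", "DC01", 4624, "An account was successfully logged on."),
    make_event("Failure", "WEB07", 4625, "An account failed to log on. Account Name: admin"),
]

INCLUDE = [{"log": "Security", "event_id": "4624|4625", "computer": "DC??"}]
EXCLUDE = [{"message": "*svc_backup*"}]
NO_WILDCARD = [{"message": "svc_backup"}]  # matches only a message that is exactly this text

if __name__ == "__main__":
    for e in select(EVENTS, INCLUDE, EXCLUDE):
        print(e["computer"], e["event_id"], e["message"])
```

Swapping `EXCLUDE` for `NO_WILDCARD` shows why the Message field needs wild-cards: without them the service-account event is no longer excluded.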