The ability to perform advanced searches using alert filters is new with Symantec Management Platform 7.1. You can use this built-in search function to help you manage alerts. The advanced filtering function is available from the main Event Console window, which you access from Symantec Management Console under Manage > Events and Alerts.
In the main Event Console window, you click the magnifying glass next to the Search field and the Advanced Search pane opens. In the Advanced Search pane, you can choose from a predefined list of search criteria or type your own criteria. You can add other rules to an advanced search to further customize it.
The following advanced search tools let you narrow the list of filters to manage:
Three drop-down lists from which you select subsets of alerts
In the first drop-down list you can enter or select a search type.
Search types include the following:
In the second drop-down list you can enter or select a search operator.
The search type that you select from the first drop-down list determines the search operators that appear in the second drop-down list.
Some or all of the following search operators appear in the second drop-down list:
In the third drop-down list, enter or select additional search criteria to apply to the selected search type that uses the selected search operator.
After you select or enter a search type and one or more search operators, additional search criteria appear in the third drop-down list.
For example, if you enter or select count > greater than in the first two drop-down lists, you can select a value such as 5 to view only those alerts that have occurred more than five times. Or, if you select Host > equals from the first two drop-down lists, you can select from a list of computers.
An Add Rule option that lets you access a drop-down list and add the following operators to your search:
A color-coded, left-click status progress bar above the Advanced Search pane. This control lets you filter alerts by severity level. After you filter by severity level, you may have to select Exclude Informational Alerts or Monitor Alerts Only to see the complete list of alerts again.
When you click any alert, you can manage it by changing the state. Click any flag in the State column to view details about an alert, acknowledge the alert, resolve it, or perform another action. These actions are accessible from the Actions drop-down list above the Advanced Search pane.
Imported Document ID: HOWTO64048