Filtering Alerts​

On the Alerts page, you can filter alerts information in the following ways. If you instead want to modify summary boxes are displayed on the Alerts page, see the Summarizing Alerts topic.

Filtering​ alerts using the summary boxes

By using the summary boxes on the Alerts page, you can quickly add or exclude a value (for example, IP, user, or connector) from your search results.

1. In ActiveEye, in the left pane, click Alerts.
   The Alerts page appears.
   
2. In the upper-right corner of the page, click the Show Summary Boxes button ().
   The Summary Boxes section appears.
   
3. In any subsection within the Summary Boxes section, hover over an entry to reveal the and buttons.
   
4. If you click the button, checkboxes will appear beside each entry in the subsection. Select the checkbox beside each entry that you want to include in the search results, and clear the checkbox beside each entry that you want to exclude. To return to the original view of the subsection without making changes, click .
   -or-
   If you click the button, checkboxes will appear beside each entry in the subsection. Select the checkbox beside each entry that you want to exclude from the search results, and clear the checkbox beside each entry that you want to include. To return to the original view of the subsection without making changes, click .
5. To further refine your search, repeat steps 3 and 4 as needed.
6. In the upper-left corner of the Alerts page, click .
   The information displayed on the Alerts page is updated based on your selections.

Filtering alerts using the Edit Filters button​

1. In ActiveEye, in the left pane, click Alerts.
   The Alerts page appears.
   
2. In the upper-left corner of the page, click .
   A window on which you can edit filters appears. Each row represents a filtering rule that is currently in use.
   
   A more complex search query may contain multiple filtering groups, each containing its own filtering rules. Each rule group is processed separately when the search is run, and can be configured with either the And or Or operator to handle the relationship between its contained filtering rules. Here is an example of a search with two rule groups.
   
3. In this window, you can perform the following actions:
   • Edit an existing filtering rule: In the row for any filtering rule, modify the available criteria. For any rule group, you can also switch the toggle. Select And to return results that fulfill the criteria of each filtering rule within the rule group, or select Or to return results that fulfill the criteria of any of the filtering rules within the rule group.
   • Delete an existing filtering rule: In the row for any filtering rule, at the right side of the row, click .
   • Add a new filtering rule: To add a new filtering rule within a rule group, click . When you do, a new row will appear in the window in which you can select the criteria by which you want to filter.
   • Add a new rule group for complex queries: To add a new rule group, click . When you do, a new rule group containing a new, blank filtering rule will appear. Select the criteria for the new filtering rule, add additional filtering rules to the rule group as needed, and set the toggle to And or Or, depending on how you want the search to handle the relationship between the rule group’s contained filtering rules.
   tip

   At any time, you can click Default Filters to revert to default filter settings, or you can click Clear All Filters to delete all rule groups and filtering rules. Click Cancel at any time to cancel unapplied changes.

4. To apply your changes, click .
   The search results on the Alerts page are updated.