Filters

NXLog Platform includes log filtering capabilities that enable you to perform log analytics tasks. There are two ways you can add filters to your log search:

Graphical mode — Allows you to create your search filter through actions in the NXLog Platform GUI.
Advanced mode — Allows you to compose more complex SQL-like queries.

You can create and save a filter for future use and share it across your organization.

Table 1. Filter components explained
Filter component	Description
Filter name	A name to identify your filter.
Field name	The event field to which to apply the filter.
Operator	The comparison operator that will be used to evaluate the field value. The available operators are: Equal to Not equal to Greater than Greater than or equal to Less than Less than or equal to Like Insensitive like In Not in Is not null Is null
Value	The value to match. The data type depends on the chosen field.

Graphical mode

The following applies when using the graphical mode:

Includes a free text field to filter your logs.
Allows the selection of existing filters.
Incorporates options to create filters and filter groups.
Allows you to use the OR and AND operators-
- between filters when added to the search.
- between filters in a filter group.
- between filter groups.

Advanced mode

The advanced mode lets you filter your logs by creating SQL-like queries.

If you create or edit a query in advanced mode, you cannot switch back to graphical mode.

The following applies when using the advanced mode:

It uses SQL-like queries.
You can filter logs based on fields like ModuleType and Hostname.
It is possible to use the OR and AND operators to combine multiple conditions (like boolean logic).
It encompasses the possibility of using the supported operators listed in the table above.
If you switch to advanced mode after applying filters in graphical mode, the filters will convert to an advanced mode search string.