Search filters provide ways to specify and narrow a search. Each filter represents terms that exist in various fields, such as Process Name or Hostname.
The percentage next to each term shows the relative frequency with which the term appears in the field.
No content appears in the search filters until after you have initiated a search. The search filters populate according to their match to the search results.
Enable or Disable Filters
Perform the following procedure to display only certain search filters on the Process Search page.
Procedure
- Select checkboxes to enable or disable the filters to display.
Disabling a filter removes it from view, and if it is part of the search query, those pieces of the query are removed. Enabling a filter places it back into view.
Select Multiple Filter Rows
You can select specific filter rows within a filter table by using your cursor. The search results are updated based on these selections.
-
Selecting multiple rows within a single filter updates the query with a logical OR between those filters. For example, choosing “bash” and “nginx” in the Process Name filter shows events related to either bash or nginx.
-
Selecting multiple rows across multiple filters updates the query with a logical AND between those filters. For example, choosing “bash” in the Process Name filter and “python” in the Parent Process filter shows instances of bash that were spawned by Python.
Selected filter rows are highlighted in yellow. You can click a filter row to deselect it.
Filter Row Percentages
Filter row percentages indicate the percentage of processes that have occurred in a particular filter. This is always equivalent to 100% when you add up all filter rows in a filter.
The top row in a filter has occurred more than any other process within that filter.
Filter Search Fields
Each filter contains a Search field into which you can enter search parameters to refine search results.
