Exclusion event filter

In addition to the simple filter options, exclusion event filters exclude certain event types. Using this filter, you define the criteria of the events to exclude. You can use this filter activate a group of events and then exclude some of the events in that group.

This filter type is useful when you want to create a filter based on a severity or a category of events, but you want to exclude some specific event types. Instead of creating event filters for each event that you want to include, you can specify the event types that you want to exclude. By using exclusion event filters, it is easier to remove events that you do not want to monitor.

For example, using this filter type you can monitor the Windows® Security event log events, but exclude security alerts 528, 551, and 552.

Related concepts

Events that are available for filtering
Simple event filter
Duplication event filter
Threshold event filter
Related tasks

Selecting specific events for filtering
Related reference

Event Filter Builder window
Event Filter Builder window: Category page
Event Filter Builder window: Day and Time page
Event Filter Builder window: Event Text page
Event Filter Builder window: Event Type page
Event Filter Builder window: Extended Attributes page
Event Filter Builder window: Sender Name page
Event Filter Builder window: Severity page
Event Filter Builder window: System Variables page
Event Filter Builder window: Excluded Event Type page

Table of Contents