Filtering options
Many of the reports include optional Where fields. These allow you to enter a filter expression. The basic form of the expression is:
column operator constant
where:
- column can be any field from the current database view.
- operator can be "=", "!=", "~" or "!~".
- constant can be an individual value, range or subnet, or a comma-separated list.
Examples:
ipsource = 10.10.123.4
ipdestination != 10.10.123.4,10.10.123.5
ipsource = 10.0.0.0/8,192.168.0.0/18
ipsource != 10.10.123.1-10.10.123.99
serverport = 80,81,8080-8088
sourcezone ~ research.*
(Note: There is a restriction that you cannot mix ranges and subnets in the same comma-separated list.)
If you need to filter on more than one column, you can use "&" (logical AND) "|" (logical OR) and parentheses "(", ")" to build a full boolean expression:
(ipsource = 10.10.123.4) & (macdestination=FFFFFFFFFFFF)
(sourcegroup=building1,building2) & (destinationgroup=building3)