Help

Index Home > Report > Edit > Customize > Filtering

Filtering options

Many of the reports include optional Where fields. These allow you to enter a filter expression. The basic form of the expression is:

 column operator constant

where:

• column can be any field from the current database view.
• operator can be "=", "!=", "~" or "!~".
• constant can be an individual value, range or subnet, or a comma-separated list.

Examples:

  ipsource = 10.10.123.4

  ipdestination != 10.10.123.4,10.10.123.5

  ipsource = 10.0.0.0/8,192.168.0.0/18

  ipsource != 10.10.123.1-10.10.123.99

  serverport = 80,81,8080-8088

  sourcezone ~ research.*

(Note: There is a restriction that you cannot mix ranges and subnets in the same comma-separated list.)

If you need to filter on more than one column, you can use "&" (logical AND) "|" (logical OR) and parentheses "(", ")" to build a full boolean expression:

  (ipsource = 10.10.123.4) & (macdestination=FFFFFFFFFFFF)

  (sourcegroup=building1,building2) & (destinationgroup=building3)