Applying filtersΒΆ
To further facilitate monitoring and investigation, the Plixer Scrutinizer Alarm Monitor views support multiple approaches to applying filters to the Alarm Monitor views.
Time range filter
The Alarm Monitor views can be set to show alarm/event information for either a custom date and time range or a specified Last X period (last 15 minutes, last 24 hours, last week, etc.).
To view data for a different period, click the Time Range (calendar) button and configure the range to apply.
Hint
When a custom range is specified, click the up/down arrows to automatically adjust the dates to cover the same period of time.
Card/chart filters
By default, the Policies and Hosts tabs use sparkline cards to summarize severity distribution across policies or hosts. These cards can be clicked to apply a filter for policy violations or hosts matching the selected severity.
Other visualization types (timelines and connection diagrams) showing different event details (events, alarm policy category, etc.), can be selected from the View dropdown and used to quickly apply the corresponding filter.
Advanced filters
Clicking the Filters button opens a tray where one or more filters can be manually configured.
The following filtering options are available:
Policy
Severity
Risk
Hosts
Violators
Targets
Category (of alarm policy)
To apply a filter, expand the filter option/section, and select the criteria to use. Multiple options and criteria can be applied at the same time.
Note
The Risk filter is only available when the Plixer Endpoint Analytics integration is enabled. To learn more about Plixer Endpoint Analytics integration in Plixer Scrutinizer, see this section of this documentation.
The filter options tray also includes an option to show policies and hosts associated with events that have already been acknowledged.
When exporting alarm/event data (via the Options button/tray), use the Export CSV (All) option to ignore any filters currently applied.