Go Up
You are here: Data analysis and reportingView data and perform searchApply Filters

Use Filters (Simple Mode)

Filters are used to narrow your search results. To create a unique set of filters, you can:

  • Add different filters to your search. Search results will be sorted by all selected filters since they work as a logical conjunction (e.g., Who: Administrator AND Action: Added).
  • Specify several values in the same filter to search for any of them (e.g., Action: Modified ORAction: Removed). To do this, select a filter again and specify a new value.

    NOTE: Spaces do not separate values, so the whole expression will be included in your search as a single value. For example, if you want to search for any of three names, do not enter Anna Mark Bill but instead create a separate filter entry for each name.

Filter Types

Filter Description

Filter data by user (initiator) account.

Specify an account name (e.g., John) to find all entries containing it (e.g., Domain1\John, Domain1\Johnson, Domain2\Johnny, John@domain.com).

For exact match, use quotation marks and provide a user name in Domain\User or UPN format (e.g., “Domain1\John” or "John@domain.com") .

Filter data by action type (Added, Removed, etc.)

Select an action type from the list (Added, Removed, Modified, Read).

For additional actions, navigate to Advanced mode. See Advanced Mode for more information.

Specify an object name (e.g., Policy) to find all entries containing it (e.g., HiSecPolicy, \\FileSserver\Share\NewFolder\NewPolicy.docx, http://sharepoint/sites/collection1/Lists/Policy).

NOTE: Netwrix Auditor searches across all data sources.

For an exact match, use quotation marks and provide an object name in the format that is typical for your data source (e.g., “HiSecPolicy”).

Filter data by the time interval when the change occurred.

Specify a timeframe or provide a custom date range. Netwrix Auditor allows you to see changes that occurred today, yesterday, in the last 7 or 30 days, or within the specified date range.

Specify a resource name (e.g., Enterprise) to find all entries containing it (e.g., Enterprise-SQL, FileStorage.enterprise.local). The resource name can be a FQDN or NETBIOS server name, Active Directory domain or container, SQL Server instance, SharePoint farm, VMware host, etc.

NOTE: Netwrix Auditor searches across all data sources.

For an exact match, use quotation marks and provide a resource name in the format that is typical for your data source (e.g., “Enterprise-SQL”).

To add a filter to your search

  1. Click a filter type icon. Enter a value you want to search for.

    Alternatively, you can type a value directly into the Search field.

    • For exact match, use quotation marks.
    • To further restrict your search, right-click the value and select a filter from the pop-up menu. To search across all columns in the results view (everywhere—Who, What, Where, Action, etc.), leave it as is .

  2. Click Search to apply your filters. By default, all entries that contain the filter value are shown.

Modifying and Removing Filters

To... Do...

Modify filter

Double-click the filter and type a new value.

NOTE: If you need to modify the When filter, delete it and add a new value, or navigate to the Advanced mode (Simple mode does not support its modification).

Remove filter

Click the Close icon next to it.

Exporting and Importing Filters

To export or import filters as regular expressions, use the Tools menu commands:

To... Use...

Export

Copy search — copies the search filters that are currently applied to your search. This can be helpful if you want to share your search with a colleague (e.g., by pasting it in an email) or to modify a saved search query with your current filters.

Import

Paste search — pastes the search filters you copied before. These can be filters copied from a previous search or those someone shared with you.

Go Up