Filter Conditions

Filter conditions specify when a rule should match. If the condition of a rule evaluates to true, EventReporter executes the actions configured in that rule.

Why filters matter

Filters let you reduce noise and react only to the events that matter. Typical criteria include:

• event log name or channel

• event source

• event ID

• severity or type

• message content

• user or computer context

Important behavior

• An empty top-level AND condition evaluates as true.

• That means a rule with no additional filters matches every event that reaches it.

• String matching is case-sensitive unless the specific filter documents a different behavior.

Example

Use broad filters first, then narrow them until the rule matches exactly what you intend.

Detailed filter references

• Global Conditions
• Date Conditions
• Operators
• Filters
  • REGEX Compare Operation

Basic filters

• General
• Date/Time
• InformationUnit Type

Event log monitor filters

• Event Log Monitor
• Event Log Monitor V2

Custom properties

• Custom Property
• Extended Number Property
• Extended IP Property
• File Exists
• Store Filter Results