If you usually search for events by specific criteria, such as a user name or a severity, you can create a custom Blok for those criteria and save it for later use.
Procedure
From the Search page, click the icon located next to the Search field, and select New Blok.
Select the Blok type from the list.
Enter the name of the Blok in the Name field. This is a mandatory field. The name must be unique and must consist of a single word that contains only letters, numbers, hyphens (-), or underscores (_). It cannot include a period (.) or any other special character.
Enter the description of the Blok in the Description field.
Enter the source statement in the Source statement field. The statement must use valid syntax. Filter and Time Bloks support EQL and SQL syntax. For syntax information, see Search Syntax Reference.
Click Save to save the new Blok.
Result
The new Blok is added to the Choose Blok list and is displayed in the Search field.
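The naming rules above are the one part of this procedure that can be checked before you open the form, which is useful when you are preparing many Bloks at once. The following Python check is an added example written for this page, not code from the product; it encodes only the rules stated here (mandatory, single word, letters, numbers, hyphens or underscores, no period, unique). The set of existing names is constructed sample data, and because the page does not say whether name comparison is case-sensitive, the uniqueness check uses an exact match.

```python
import re

# Allowed characters, taken from the rules on this page: a single word made
# only of letters, numbers, hyphens, or underscores. A period or any other
# special character fails to match, so it is rejected by construction.
BLOK_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def validate_blok_name(name, existing_names=()):
    """Return (ok, reason) for a candidate Blok name.

    existing_names: names already in use (constructed by the caller).
    Uniqueness is checked with an exact string match because the page does
    not state whether names are compared case-insensitively (assumption).
    """
    if not name:
        return False, "name is mandatory"
    if not BLOK_NAME_RE.fullmatch(name):
        # Give the most specific reason the page states.
        if any(ch.isspace() for ch in name):
            return False, "name must be a single word"
        if "." in name:
            return False, "name cannot include a period (.)"
        return False, "name may contain only letters, numbers, hyphens, or underscores"
    if name in existing_names:
        return False, "name must be unique"
    return True, ""


def check_candidates(candidates, existing_names):
    """Validate a batch of names, returning {name: reason} for rejects only."""
    rejected = {}
    for candidate in candidates:
        ok, reason = validate_blok_name(candidate, existing_names)
        if not ok:
            rejected[candidate] = reason
    return rejected


if __name__ == "__main__":
    # Constructed sample data: names assumed to exist already, plus candidates.
    existing = {"sev_high", "admin-logins"}
    candidates = ["failed_logins-admin", "failed logins", "user.name",
                  "sev@high", "sev_high", ""]
    for name, reason in check_candidates(candidates, existing).items():
        print(f"rejected {name!r}: {reason}")
```

Run the file directly to see which constructed candidates are rejected and why; only `failed_logins-admin` passes. Call `validate_blok_name` with your own candidate and the names already shown in the Choose Blok list to pre-check a name before entering it in the Name field.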