Prioritizing Custom Rules

The Custom Rules are prioritized in the order as they are displayed (from highest on the top) in the Custom Rules list.

The priority of rule determines the Retention rule that is applied to which log source. You can change the priority of custom rules by moving them up or down in the Custom Rules list.

To view the Retention rule that is applied to a device or group, click the View All Rules button. The screen displays the Effective Rule for every device and device group. The Effective Rule Name column displays the Rule that is in effect after considering rule prioritization.

Example

  1. We created two Custom Retention Rules named RR1Week and RR3Months that have Raw Data Retention period of 1 Week and 3 Months respectively.
  2. Then the device group named Windows Machines is assigned to the RR1Week retention rule.
  3. Similarly, a log source named FrontDesk1 is assigned to the RR3Months retention rule.
    Note: The FrontDesk1 is also part of the device group Windows Machines.
  4. Since FrontDesk1 is assigned to the RR3Months retention rule with a retention time of 3 Months and is also a part of the group Windows Machines with a retention time of 1 Week, to decide the Effective Retention Rule (that is, the retention time applicable to the data received from FrontDesk1) the system uses the data retention rule priorities. If the rule RR1Week is prioritized higher, then the Effective rule for FrontDesk1 is RR1Week.
  5. However, if the rule RR3Months is prioritized higher, then the Effective rule for FrontDesk1 is RR3Months.

Procedure

  1. From the left pane, select the Custom rule from the custom rule list. Using the drag-drop method, re-arrange the custom Rules in the priority order. The Change the Priority confirmation window appears.
  2. Click Yes in the confirmation window to change the priority of the selected rule. The Rules are prioritized in the order they are displayed (highest on the top).
  3. Click the Commit Changes button to commit the latest changes. Click the Revert Changes button to revert to the last committed changes.
    Note: After you make all changes, click the Commit Changes button to commit to all changes. After you click the Commit Changes button, the new data is stored as per the new rule.