Defining a Source Filter

You can add a new source filter that is assigned to the data model. The source filters bind multiple data models to a log source.

Procedure

In the Source filter field, enter the source filter statement that is assigned for this data model. Source filters can only be used on one or more system columns. All filter statements in the FILTER Statement section are supported. However, when running a full text search, the filter statement must be specified explicitly.
In the following example, 165 is the device type ID that is retrieved from LogLogic LMI and the log message contains <searchstring>:
```
sys_sourceType=165 AND sys_body CONTAINS '<searchstring>'
```
Note: If you specify multiple data models, the first model whose filter matches with the event is used to parse that event, extracting all columns specified by that model.
Click Validate to validate the filter statement.
To add a new parsing rule, click 2. Add sample events and parsing rules or click the right-arrow icon located on the right side of the page, or, to add only the source filter and save the data model, click Save.

What to do next

To add or edit a parsing rule in an advanced data model, see Adding a Parsing Rule in an Advanced Data Model.
To edit a GP parsing rule, see Editing GP Parser Rules.