Management of Bloks
A Blok is a contextual element or filter that fits with other elements to form a search query. Build and save different Bloks that can be used in future searches rather than searching every time with the same filter. You can manage all types of Bloks from the Queries>Bloks page.
Finding Bloks
You can quickly find the desired Blok by typing the Blok name in the Find field. As you start typing the Blok name in the Find field, the Bloks page is automatically refreshed showing your selection.
Adding a Blok
If you usually search for events that provide you with specific information such as a specific time period you can create a custom Blok for that criteria and save it for later use.
|
1.
|
Navigate to Queries>Bloks page. |
|
2.
|
Click the Add Blok icon ( ) to add a new Blok and specify the following parameters: |
|
—
|
Blok type - Type of the Blok. It can be either a filter blok or a time blok. |
|
—
|
Name - Name of the Blok. It must be a unique name that consists of a single word with no special characters. This is a mandatory field. The Blok name cannot include a period (.). The name can include letters, numbers, hyphen, or underscore (_). |
|
—
|
Description - Description of the Blok. |
|
—
|
Source Statement - Enter the statement of the source in the Source statement field. Make sure to enter a valid syntax. Filter and Time Bloks support EQL and SQL syntax. For syntax information, see Event Query Language Reference. |
|
3.
|
Click Save to save the new Blok. |
Deleting a Blok
Procedure
|
1.
|
Navigate to Queries>Bloks page. |
|
2.
|
Select the Blok that you want to delete and click the Delete Blok icon ( ) to delete the selected Blok. |
|
3.
|
Click Yes on the confirmation window. |
Duplicating a Blok
Procedure
|
1.
|
Navigate to Queries>Bloks page. |
|
2.
|
Select the Blok that you want to duplicate and click the Duplicate Blok icon () to duplicate the selected Blok. |
|
3.
|
Specify the new name of the Blok and click Save. |
Showing or hiding columns
You can show or hide columns, except the mandatory column, from the table. Click (
) to view all available columns in the table. Select the check box to show the column. Clear the check box to hide the column from the table. The Bloks page is updated immediately.
The Bloks page information is described in the following table:
| Name |
The name of the Blok |
| Description |
The description of the Blok |
| Type |
The type of Blok |
| Created by |
The user who created the Blok |
) to duplicate the selected Blok.