Filtering

Filtering options are presented in many areas throughout Vantage Ultimate and allow you to include or exclude information from your imports, analyses or reports.

Filters can be applied when:

• Importing data using the Filters page of the Import Wizard
• Generating Reports as Documents using the Filters page of the Generate Report Wizard
• Publishing Reports to the Web Module using the Filters page of the Publish Report to Web Module Wizard
• Creating a Node within a report template using the Filters page of the Template Node dialog (these filters apply to a single node / section in a report)
• Creating a Report Template using the Template Properties dialog (these filters apply to the entire report)

Filters can be defined in two ways:

• Using the Graphical Filter Editor.
• Typing or editing a Manual Filter Expression.

The Filters Interface

You will mainly use the Graphical Filter Editor to define what data include or exclude, but the Manual Filter Expressions gives you full control over the logic of the expression if needed. For example, you can change an AND to an OR, or move brackets to logically group parts of the filter etc.

To define a filter using the Graphical Filter Editor, click the Graphical Filter Editor radio button and click the Add button on the toolbar.

Most of the filters here are Date and Time Filters, enabling you to report on a date range, remove filter specific hours or weekdays, or report on a relative date to 'now' (useful when running the report as a scheduled task).

Field Value Filters on the other hand enable you to include or exclude specific field values from your data. For example, if you want to report on a user, a group of users, a website, a firewall action (blocked/allowed etc), then Field Value Filter is the option to chose.

Field Value Filter

On the Field Value Filter dialog, select the Summary you want to filter from the Summary drop down list. Optionally select any Aliases you want to filter by from the Aliases drop down list. Using aliases provides a handy pick list of the defined Alias groups to choose from.

Filtering with the Usernames Alias

If you are not using an Alias, click the Add button on the tool bar and type the values you want to include or exclude.

Filtering without an Alias

Note, for the filter to work, you must type the value exactly as it appears in your log data. It is a good idea to check the values in your Summaries by running an Analysis on a small amount of data.

Select either the Include or Exclude radio buttons depending on whether you want to include or exclude your Summary values.

Check the checkbox next to all the Values that you want to use in the filter and click OK.

Display Known
If you do not know the exact values to enter in your filter, you can use the Display Known button. This runs an Analysis on your open storages, and returns the values for the Summary selected in the Summary drop down list.

Warning: If you have a large amount of data in your Storages, DO NOT use the Display Known option as it can take a long time to return the values.

Wildcards
You can also use * as a wildcard character. For example, you can define a filter for any Search Terms that contain the word 'gun' by selecting the Site Keywords Summary and adding the value *guns*

IP Subnets
If you are filtering on an IP address summary, you can enter a CIDR value to filter on entire subnets such as 192.168.0.0\24.

Date Filter

When running a report, it is likely that you'll need to apply a Date Filter. Simply click Add | Date filter and select your desired date range.

Relative Date Filter

When running a report as a Scheduled Task, it is likely you'll need to apply a Relative Date Filter to avoid running the report on the same date range, or the entire storage, each time the task runs.

Simply click Add | Relative Date Filter and select the date range relative to 'now' (or when the task runs).

The Include Current Period checkbox includes the current day, week, or month (whatever period is selected in the dropdown list).

For example, imagine your scheduled task runs on the 15th of each month, and the relative date filter is set to report on the past 1 month. Checking the Include Current Period checkbox will include the past month, plus the 15 days in the current month. Leaving it unchecked will include just the previous month, not including the 15 days in the current month.

Day of Week Filter

Day of Week Filters enable you to select the days of the week to include or exclude.

For example, you can use a Day of Week Filter to include weekdays / excluding weekends. Or report on every Wednesday this month.

Time of Day Filters

The Time of Day filter enables you to include or exclude specific hours of the day.

You can use the bar at the top of the dialog to define your hours. Left-click to add, and right-click to remove hours.

For example, left-click and drag between 9am and 5pm (9 to 17), then right-click and drag between 12pm and 1pm (12 to 13) to remove those hours.

You can also use the Add / Edit and Delete buttons to define the hours to include.

Manual Filter Expressions

The Manual Filter Expression expression lets you type a filter expression and add it to the list of filters in the Graphical Filter Editor. You can also click the Manual Filter Expression radio button to edit the filter using the WebSpy Vantage expression language.

Multiple Filters

You can add as many filters as you need by clicking the Add button and selecting any of the available filter options above. By default, every filter you add is evaluated with an AND.

For example, if you have a Field Value Filter filter to include Username = Bob, and another Field Value Filter to include Username = Jane, then the filter will not match any data as a user cannot be Bob and Jane at the same time. In this situation, you should use a single Field Value Filter to include both Bob and Jane, but it is also possible change the ANDs to ORs by clicking the Manual Filter Expression option.