16. Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’ or source=’App3’”
17. Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’ or source=’App3’
or level=’error’”
18. Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”source=’App1’ or source=’App3’
or level=’error’ or level=’warning’”
19. Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”(source=’App1’ or source=’App3’
or level=’error’ or level=’warning’) and
source!=’Excel’”
20. Level Source … …
Error Word … …
Error Excel … …
Info Word … …
Warning Excel … …
Error App1 … …
Warning App1 … …
Error App3 … …
filter=”(source = ’App1’ or source =
’App3’or level = ’error’ or level =
’warning’) and source != ’Excel’”
filter=”(source in (’App1’,’App3’) or
level in (’error’,’warning’)) and source
!= ’Excel’”
21. filter = (id NOT IN ('3', '4', '6', '11', '16', '23', '24', '27', '29', '36', '46', '47',
'50', '56', '134', '142', '219', '267', '270', '1006', '1009', '1014', '1030', '1035',
'1036', '1055', '1058', '1071', '1073', '1085', '1102', '1110', '1111', '1112', '1131',
'1291', '1500', '3095', '5719', '5722', '5783', '5788', '5789', '6008', '7000', '7001',
'7003', '7005', '7009', '7011', '7022', '7023', '7024', '7026', '7030', '7031', '7034',
'7038', '7041', '9015', '9018', '9026', '9028', '10009', '10010', '10016', '10149',
'12294', '15300', '15301', '24679', '36887', '36888', '40960', '40961', '45056') AND
level IN ('error', 'warning')) OR (id IN ('3') AND source NOT IN ('FilterManager') AND
level IN ('error', 'warning')) OR (id IN ('4') AND source NOT IN ('q57','L2ND') AND level
IN ('error', 'warning')) OR (id IN ('6') AND source NOT IN ('Security-Kerberos') AND
level IN ('error', 'warning')) OR (id IN ('11') AND source NOT IN ('Kerberos-Key-
Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('16') AND source NOT
IN ('WindowsUpdateClient') AND level IN ('error', 'warning')) OR (id IN ('23') AND source
NOT IN ('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('24') AND source NOT IN
('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('27') AND source NOT IN
('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('29') AND source NOT IN
('Kerberos-Key-Distribution-Center') AND level IN ('error', 'warning')) OR (id IN ('36')
AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('46')
AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('47')
AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('50')
AND source NOT IN ('TermDD','Time-Service') AND level IN ('error', 'warning')) OR (id IN
('56') AND source NOT IN ('TermDD') AND level IN ('error', 'warning')) OR (id IN ('134')
AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('142')
AND source NOT IN ('Time-Service') AND level IN ('error', 'warning')) OR (id IN ('219')
AND source NOT IN ('Kernel-pnp') AND level IN ('error', 'warning')) OR (id IN ('267') AND
source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('270') AND
source NOT IN ('Storage-agents') AND level IN ('error', 'warning')) OR (id IN ('1006')
AND source NOT IN ('DNS Client Events','GroupPolicy') AND level IN ('error', 'warning'))
OR (id IN ('1009') AND source NOT IN ('picadm') AND level IN ('error', 'warning')) OR (id
IN ('1014') AND source NOT IN ('DNS Client Events') AND level IN ('error', 'warning')) OR
(id IN ('1030') AND source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR
(id IN ('1035') AND source NOT IN ('TerminalServices-RemoteConnectionManager') AND level
IN ('error', 'warning')) OR (id IN ('1036') AND source NOT IN ('TerminalServices-
RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1055') AND
source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1058') AND
source NOT IN ('GroupPolicy') AND level IN ('error', 'warning')) OR (id IN ('1071') AND
source NOT IN ('TerminalServices-RemoteConnectionManager') AND level IN ('error',
'warning')) OR (id IN ('1073') AND source NOT IN ('USER32') AND level IN ('error',
'warning')) OR (id IN ('1085') AND source NOT IN ('GroupPolicy') AND level IN ('error',
'warning')) OR (id IN ('1102') AND source NOT IN ('SNMP') AND level IN ('error',
'warning')) OR (id IN ('1110') AND source NOT IN ('GroupPolicy') AND level IN ('error',
'warning')) OR (id IN ('1111') AND source NOT IN ('Server Agents') AND level IN ('error',
'warning')) OR (id IN ('1112') AND source NOT IN ('GroupPolicy') AND level IN ('error',
'warning')) OR (id IN ('1131') AND source NOT IN ('TerminalServices-
RemoteConnectionManager') AND level IN ('error', 'warning')) OR (id IN ('1291') AND
source NOT IN ('NIC-agents') AND level IN ('error', 'warning')) OR (id IN ('1500') AND
source NOT IN ('SNMP') AND level IN ('error', 'warning')) OR (id IN ('3095') AND source
NOT IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5719') AND source NOT
IN ('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5722') AND source NOT IN
('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5783') AND source NOT IN
('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5788') AND source NOT IN
('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('5789') AND source NOT IN
('Netlogon') AND level IN ('error', 'warning')) OR (id IN ('6008') AND source NOT IN
('Eventlog') AND level IN ('error', 'warning')) OR (id IN ('7000') AND source NOT IN
('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7001') AND
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7003') AND source NOT IN ('service control manager') AND level IN ('error', 'warning'))
OR (id IN ('7005') AND source NOT IN ('service control manager') AND level IN ('error',
'warning')) OR (id IN ('7009') AND source NOT IN ('service control manager') AND level IN
('error', 'warning')) OR (id IN ('7011') AND source NOT IN ('service control manager')
AND level IN ('error', 'warning')) OR (id IN ('7022') AND source NOT IN ('service control
manager') AND level IN ('error', 'warning')) OR (id IN ('7023') AND source NOT IN (
('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7024') AND
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7026') AND source NOT IN ('service control manager') AND level IN ('error', 'warning'))
OR (id IN ('7030') AND source NOT IN ('service control manager') AND level IN ('error',
'warning')) OR (id IN ('7031') AND source NOT IN ('service control manager') AND strings
not like 'citrix' AND level IN ('error', 'warning')) OR (id IN ('7034') AND source NOT IN
('service control manager') AND level IN ('error', 'warning')) OR (id IN ('7038') AND
source NOT IN ('service control manager') AND level IN ('error', 'warning')) OR (id IN
('7041') AND source NOT IN ('service control manager') AND level IN ('error', 'warning'))
OR (id IN ('9015') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR
(id IN ('9018') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id
IN ('9026') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN
('9028') AND source NOT IN ('Metaframe') AND level IN ('error', 'warning')) OR (id IN
('10009') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR (id
IN ('10010') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning')) OR
(id IN ('10016') AND source NOT IN ('DistributedCOM') AND level IN ('error', 'warning'))
OR (id IN ('10149') AND source NOT IN ('WindowsRemoteManagement') AND level IN ('error',
'warning')) OR (id IN ('12294') AND source NOT IN ('Directory-Services-SAM') AND level IN
('error', 'warning')) OR (id IN ('15300') AND source NOT IN ('HTTPEVENT') AND level IN
('error', 'warning')) OR (id IN ('15301') AND source NOT IN ('HTTPEVENT') AND level IN
('error', 'warning')) OR (id IN ('24679') AND source NOT IN ('Cissesrv') AND level IN
('error', 'warning')) OR (id IN ('36887') AND source NOT IN ('Schannel') AND level IN
('error', 'warning')) OR (id IN ('36888') AND source NOT IN ('Schannel') AND level IN
('error', 'warning')) OR (id IN ('40960') AND source NOT IN ('LSASRV') AND level IN
('error', 'warning')) OR (id IN ('40961') AND source NOT IN ('LSASRV') AND level IN
('error', 'warning')) OR (id IN ('45056') AND source NOT IN ('LSASRV') AND level IN
('error', 'warning'))
22. Numbers, constants etc
Key Safe Key Description
= eq Equals
!= ne Not equals
> gt Greater than
< lt Less than
>= ge Greater or equal than
<= le Less or equal than
in ( <LIST OF VALUES>) In a given list
not in (…) Not in a given list
23. Strings
Key Safe Key Description
= eq Equals
!= ne Not equals
> gt Greater than
< lt Less than
>= ge Greater or equal than
<= le Less or equal than
in ( <LIST OF VALUES>) In a given list
not in (…) Not in a given list
like Substring matching
regexp Regular expression
not like Opposite of like
not regexp Opposite of regexp