When creating subscriptions you must create a filter on each subscription to filter the incoming collected events from your forwarders. Many customers are using the same filters repetitively with the only difference on the subscription being the assigned forwarders. To expedite the subscription creation we recommend you create your own managed filters in Supercharger. This will allow you to reuse the filter on any subscription by selecting it from a drop-down menu when you create the subscription.
To create managed filters in Supercharger:
- Click on Settings in the left menu.
- Then click on the "Managed Filters" tab.
- Next click on the green "Add" button.
- Select the filter of your choice: Security or Raw.
- Security - This option will walk you through a step-by-step GUI to create a managed filter for the Windows Security Log.
- Name the managed filter.
- By default we allow all events so as not to accidentally overlook an event ID. You can suppress events by ticking the suppress box next to any audit category.
- You can also suppress events that are known noise in the Security Log.
- You can add custom Xpath to the filter if needed.
- In the Summary window you can view the complete Xpath of the managed filter.
- Raw - This option will allow you to create a managed filter for use with any log in Windows Event Viewer. Simply name the filter and paste in the Xpath. If you're not an Xpath expert there is no need to worry. Simply go to Event Viewer, select the appropriate log and click filter on the right. Create your filter as you normally would and when you are finished click on the XML tab. Copy the Xpath query from there into Supercharger.
- Now when you create subscriptions you will see this new filter in the list of Manage Filters in the subscription creation GUI.
Optionally provide private feedback to help us improve this article...
Thank you for your feedback!