Every flow must start with a source filter. There are 2 available options:

  1. Flow Source - Using an existing flow, multiselect or All data.

| Field Label | Allowed Inputs | Default value | Description |
|---|---|---|---|
| IDS | Multiselect, existing Flow Id or AllData. | Previous Flow Id or AllData if previous flow not present. | A list of sources to join into the flow. Can have multiple selected. |
Info: This component must always be single and first in the flow.

...

2. Source and Data filter - Using a simple query to filter only matching events.

The syntax is equivalent to XPLG Search syntax (queries), so the filter can select specific events from specific sources.

| Field Label | Allowed Inputs | Default value | Description |
|---|---|---|---|
| QUERY | Simple query. Examples: (1) error, (2) username=assaf, (3) log.somelogname, (4) * in log.somelogname | Empty | Use a simple query to filter only matching events. |

...