Filtering Events

You can filter the events displayed in the System Events list according to specified criteria.

To filter the events displayed in the System Events list:

  1. From the Severity drop-down list (at the top of the System Events page), select the severity of events that you want to view (the options include: High & Medium, High, Medium, Low). By default, All event severities are displayed.

  2. From the Endpoint drop-down list, select the particular endpoint for which you want to view events (or select All to view all endpoints).

  3. Expand the More Filters section to filter the events displayed according to additional criteria, as described in the table below.

  4. When you have finished defining your search criteria, click Show to update the event list according to the specified details.

  5. To clear the filter fields, click Reset.

More Filters

Filter

Description

Category

To search for events by category (the mechanism that generated the event), select an option from the list, or select All to view events from all event categories. The available categories depend on the event Source. Options include:

  • Identity Theft (Identity Theft source)
  • Installation (Agent source)
  • Functionality (Agent, Application Server, Health Monitoring, Notification Service, Rule Engine source)
  • Data Loss (Agent, Database, Web Console source)
  • Tampering (Agent source)
  • Communication (Agent, Application Server, Notification Service source)
  • Recording (Agent source)

Component

To search for events by the component type on which the events were reported, select an option from the list (Agent, Application Server, Database, File System, Web Console, Rule Engine, Notification Service, Health Monitoring Service), or select All to view all events.

Login

To search for events by the login name of the user who ran the session in which the event(s) occurred, select an option from the list (or select All).

Client

To search for events by the client computer from which the user logged in, specify the details (or search for it), or select All to view all events.

Event ID

To search for a specific event by ID, type the event ID in the text box.

Status Details

To search for events by status details, select an option from the list (No heartbeat, Service Stopped, Unrecorded Agent Sessions, and so on), or select All to view events according to all status details. For further details, see Assessing Agent Statuses and Details.

Event Code

To search by event code, select an option from the list, or select All to view all events.
You can click to view a list displaying the code numbers and details of all events.

Source

To search by source (the component that reported the event), select an option from the list (or select All). During the live monitoring of ObserveIT, events can be triggered from the following sources:

  • Identity Theft events are triggered by user login or pairing requests.
  • Agent events are triggered by the Agent (for example, during health check monitoring).
  • Notification Service events are triggered by the Notification Service (for example, "Monitor log could not write to file").
  • Application Server events are triggered from the Application Server (for example, "The ITM On-Prem (ObserveIT) Application Server has stopped working").
  • Web Console events are triggered from the Web Console (for example, "Allocated storage space has reached its limit").
  • Services events are triggered by system services.
  • Database events are triggered by the database.
  • Health Monitoring events are triggered by the Health Monitoring Service.
  • Rule Engine events are triggered by the Rule Engine Service.

Remediation Status

To search for events by remediation status, select an option from the list:

  • New & In Process
  • New
  • In Process (currently being handled)
  • Closed
  • All (this includes only events that are New and In Process)

Email Sent

To search for events for which an email notification was sent or not sent, select Yes or No, or select All to view all events.

Comment

To search for events by comment, type the relevant text in the text box.

Period

To specify the time period during which to search for events:

  • Select During last, and specify the required number of days, weeks, months, or years. The default time period is 1 day.

-Or-

  • Select Between and specify the start and end (To) dates for the time period.