Kaspersky Unified Monitoring and Analysis Platform

Filtering events

In KUMA, you can specify what events to display in the events table using the query builder or SQL queries. Both search methods are interchangeable and search conditions can be viewed or created using either of them.

You can also modify filters in the events table using these shortcuts:

  • Changing the filter from the Statistics window

    To change the filter from the Statistics window:

    1. Open the Statistics details area:
      • In the MoreButton drop-down list in the top right corner of the events table, select Statistics.
      • In the events table, click any value and select Statistics in the context menu that opens.

      The Statistics details area appears in the right part of the web interface window.

    2. Open the drop-down list of the required parameter and hover the mouse over the required value.

      Plus and minus icons appear near the value.

    3. Change the filter using the plus or minus icons:
      • To include only events with the selected value in the events selection, click the filter-plus icon.
      • To exclude all events with the selected value from the events selection, click the filter-minus icon.

    As a result, the filter and the events table will be updated, and the new filter expression will be displayed in the top right corner of the Events window.

  • Changing the filter from the events table

    To change the filter from the events table:

    In the Events section of the KUMA web interface, click any event parameter value and select one of the following options in the menu that opens:

    • To include only events with the selected value in the events selection, click Filter by this value.
    • To exclude events with the selected value from the events selection, click Exclude from filter.

    As a result, the filter and the events table will be updated, and the new filter expression will be displayed in the top right corner of the Events window.

  • Changing the filter from the Event details area

    To change the filter from the event details area:

    1. In the Events section of the KUMA web interface, click the relevant event.

      The Event details area appears in the right part of the window.

    2. Change the filter using the plus or minus icons near the parameters you need:
      • To include only events with the selected value in the events selection, click the filter-plus icon.
      • To exclude all events with the selected value from the events selection, click the filter-minus icon.

    As a result, the filter and the events table will be updated, and the new filter expression will be displayed in the top right corner of the Events window.

You can also filter events by time period. Filter configurations can be saved. Existing filter configurations can be deleted.

Query builder and SQL search queries can be used to specify the number of events that are loaded per page. If the specified filter returns more events than can be displayed on one page (according to settings), when you reach the end of the page, the Show more events button appears. The maximum number of events that can be displayed on the page is specified in the LIMIT section of the query builder or in the LIMIT parameter of an SQL query. This functionality can be used only when events are also filtered by the time period.

Filter functions are available for users regardless of their roles.

In this section

Filtering events by period

Filtering events using the constructor

Filtering events using SQL queries

Saving and selecting events filter configuration

Deleting event filter configurations


Filtering events by period

In KUMA, you can specify the time period for which events are displayed.

To filter events by period:

  1. In the Events section of the KUMA web interface, open the drop-down list to the right of the refresh drop-down list at the top of the window.
  2. If you want to filter by a standard period, select one of the following:
    • 5 minutes
    • 15 minutes
    • 1 hour
    • 24 hours
  3. If you want to set the period manually:
    1. In the drop-down list to the right of the refresh drop-down list, select In period.

      A window with a calendar opens.

    2. Set the start and end dates of the period using the calendar.

      The date and time format depends on your operating system's settings. If you want, you can change date values manually following the date and time format of your operating system.

    3. Click Apply Filter.
  4. Click the button with the SearchField icon.

When the period filter is set, only events registered during the specified time interval will be displayed. The period will be displayed at the top of the window.

You can also set a period using the events histogram at the top of the Events section by clicking the grey box with the time frame you need, or by dragging the mouse over the required time period and clicking the Show events button.


Filtering events using the constructor

In KUMA you can filter events using the filter constructor.

To create a filter using the constructor:

  1. In the Events section of the KUMA web interface, click the SearchField field and select the Builder tab.

    The filter constructor window opens.

  2. Generate a search query:
    • In the SELECT section drop-down list, select the event parameters that must be displayed in the events table. You can select multiple parameters using the ADD COLUMN button. By default, the * value is selected, which means that all available event parameters are displayed.

      Selecting only the parameters you need keeps unnecessary details out of the events table and speeds up the search.

    • In the FROM section drop-down list, select events.
    • In the WHERE section create search conditions:
      1. Select the event parameter you want to use as a filter in the left drop-down list.
      2. Select the required operator in the middle drop-down list. Available operators vary based on the chosen parameter's value type.
      3. Enter the value of the parameter.

        Depending on the selected parameter type, you may have to input the value manually, select it in the drop-down list, or select it on the calendar.

        You can add filter conditions using the Add condition button or delete them using the button with the cross icon.

        You can also add group conditions using the Add group button. By default, group conditions are added with the AND operator, but you can switch the operator between AND, OR, and NOT by clicking the operator name. Group conditions are deleted using the Delete group button.

    • In the ORDER BY section, set the order in which events are displayed:
      • In the left drop-down list, select the parameter that must be used for sorting events.
      • In the right drop-down list, select ascending (ASC) or descending (DESC) sorting order.

      You can add event parameters for sorting by clicking the ADD COLUMN button or delete them using the button with the cross icon.

    • In the LIMIT section field enter the number of events displayed per page. By default, it is set to 250.
  3. Click Search.

After this, only events matching the created filter are displayed in the events table, and the filter expression is displayed in the Search field.

To remove the filter:

  1. In the Events section of KUMA, click the field with the filter expression.

    The filter constructor window opens.

  2. Click the New search button.

    Filter parameters will be reset.

  3. Click the Search button.

The filter will no longer be applied to the displayed events.

This action will also delete the time-based filter.


Filtering events using SQL queries

In KUMA, you can filter events using queries written in SQL syntax.

To create a filter using SQL search queries:

  1. In the Events section of KUMA, click the SearchField field and select the SQL query tab.

    The field for entering the search query opens.

  2. Generate a search query.
  3. Click Search.

After this, only events matching the created filter are displayed in the events table, and the filter expression is displayed in the Search field.
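
The clauses described for the constructor and for the SQL query tab fit together as in the following query, which is an added example and not part of the original documentation. The field names (Timestamp, DeviceProduct, SourceAddress, DestinationAddress, DestinationPort, Name) and all values are assumptions chosen for illustration; LIMIT 250 is the default stated above.

```sql
-- Added example: field names and values are assumptions, not taken from this page.
-- SELECT: only the columns needed for triage instead of *.
SELECT Timestamp, DeviceProduct, SourceAddress, DestinationAddress, DestinationPort, Name
-- FROM: the events source, as selected in the constructor.
FROM events
-- WHERE: one plain condition, one group switched to OR, one group switched to NOT.
WHERE DeviceProduct = 'ExampleFirewall'                      -- constructed product name
  AND (DestinationPort = 22 OR DestinationPort = 3389)       -- remote administration ports
  AND NOT (SourceAddress = '192.0.2.10')                     -- constructed address of a known scanner to exclude
-- ORDER BY: newest events first.
ORDER BY Timestamp DESC
-- LIMIT: number of events loaded per page (250 is the default).
LIMIT 250
```

The time period is not part of this query; it is set separately with the period filter, which must be active for the per-page LIMIT to apply.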

To remove the filter:

  1. In the Events section of KUMA, click the field with the filter expression.
  2. Click New search.

The filter will no longer be applied to the displayed events.

This action will also delete the time-based filter.


Saving and selecting events filter configuration

In KUMA, you can save a filter configuration so it can be used in the future or by other users. When saving a filter, you save the settings of all the active filters at once: time-based filter, query builder, and the events table settings. Search queries are saved on the KUMA Core server and are available to all KUMA users of the selected tenant.

To save the current filter settings, search query, and time period:

  1. In the Events section of the KUMA web interface, click the SaveButton drop-down list next to the filter expression and select Save current filter.
  2. In the window that opens, enter the name of the filter configuration in the Name field. The name must contain 128 Unicode characters or less.
  3. In the Tenant drop-down list, select the tenant that will own the created filter.
  4. Click Save.

The filter configuration is now saved.

To select a previously saved filter configuration:

In the Events section of the KUMA web interface, click the SaveButton drop-down list near the filter expression and select the relevant filter.

The selected configuration is now active.

You can click the StarOffIcon icon near the filter configuration name to make it the default filter.

The list of filter configurations can also be opened using the Saved searches button in the filter builder window.


Deleting event filter configurations

To delete a previously saved filter configuration:

  1. In the Events section of the KUMA web interface, click the SaveButton drop-down list next to the filter search query and click the delete-icon icon next to the configuration that you need to delete.
  2. Click OK.

The filter configuration is now deleted for all KUMA users.

The list of filter configurations can also be opened using the Saved searches button in the filter builder window.
