Creating or Modifying a Query for Filtering

2.7.1 Creating or Modifying a Query for Filtering

To create or modify a query for use in filtering audit records, click Filter. The Query Dialog box opens.

Figure 2-4 Audit Viewer Query Dialog

Click Add to create fields for a new query. The query can be deleted by clicking Delete.

When adding a condition, the corresponding label is added into the Expression field. It is added to the end of the expression with the selected Operator (AND or OR). Similarly, when the condition is removed from the query, the corresponding label is automatically removed from the expression and the expression is adjusted. When Use Bracket is selected, then the whole expression is closed in brackets before adding the new condition.

The query is validated before it is saved or executed. Several things are verified:

Name is filled (verified for Save operation only, for Query Execution operation the name can be empty)
All conditions have correct operator and correct value (empty value not allowed and must correspond to field type)
Expression is well formed Boolean expression

Whenever any error occurs, the user is notified either in the Message Panel at the top of the Dialog box or next to the GUI element which caused the error (a condition or expression box).

Click Save to save a query for later use. The query appears in the Query List panel.

Click Save As to open a prompt asking for a new name. Confirms the name. A new query is created and saved for later use. The query appears in the Query List panel.

Now the query is ready for execution. Execute the query by clicking Apply.