Excluding events based on details within the event description
I'm proposing a new feature for the event monitoring functionality that would allow for more granular filtering based on event details.
Current Situation:
We currently monitor events based on Event IDs, such as Event ID 5136. However, there are situations where specific descriptions within those events are not relevant to our needs.
Proposed Feature:
The proposed feature would enable us to filter events based on keywords or phrases within the event description. This would allow us to:
1- Reduce Noise: Exclude irrelevant events like those containing "AC Power" in the description for Event ID 5136.
2- Improve Focus: Focus on the specific events that are most critical for troubleshooting and monitoring purposes.
Benefits:
Increased efficiency in event monitoring by focusing on relevant information.
Improved clarity and reduced clutter in the monitoring interface.
Enhanced ability to pinpoint root causes of issues.
Thank you for your attention to this matter.
I look forward to hearing back from you.
-
Scott Tindall commented
When using the event 1033 for software installed I get hundreds of events created every day from software like Webroot and Norton doing updates. An option to add exclusions based on event description.
For Example:
Product Name: Norton Update Helper. Product Version: 1.8.1649.5. Product Language: 1033. Manufacturer: Norton LifeLock -
PS commented
This is critical in today's age of ransomware, for instance: an "Events by source" threshold could be used to watch for specific event IDs related to ransomware or problems, and if we were given this ability we could fine-tune the alert to have actionable events only rather than just clutter. Atera, we need this ability ASAP. This combined with the ability to prepend or postpend to the subject line of an alert would be amazing for this platform.
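The filtering requested in the post and in both comments, sketched as an added example (not Atera's code or an existing Atera feature): per-event-ID exclusion phrases are applied before a count threshold, and suppressed events are returned so exclusions stay auditable. The rule format, function names and sample events are assumptions constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    event_id: int
    description: str

# Hypothetical rule format: event ID -> phrases that mark an event as noise.
EXCLUSIONS = {
    5136: ["AC Power"],
    1033: ["Norton Update Helper", "Webroot"],
}

def compile_exclusions(rules):
    """One case-insensitive regex per event ID; phrases are escaped so they
    match literally instead of acting as regex metacharacters."""
    return {eid: re.compile("|".join(re.escape(p) for p in phrases), re.IGNORECASE)
            for eid, phrases in rules.items() if phrases}

def filter_events(events, compiled):
    """Return (kept, suppressed). A rule applies only to its own event ID,
    so a phrase listed for 1033 never hides a 5136 event."""
    kept, suppressed = [], []
    for ev in events:
        pattern = compiled.get(ev.event_id)
        if pattern is not None and pattern.search(ev.description):
            suppressed.append(ev)   # retained for audit, not discarded
        else:
            kept.append(ev)
    return kept, suppressed

def alerts(events, threshold):
    """Event IDs whose count reaches the threshold."""
    counts = Counter(ev.event_id for ev in events)
    return sorted(eid for eid, n in counts.items() if n >= threshold)

# Constructed sample events (descriptions are illustrative, not real log output).
SAMPLE = [
    Event(1033, "Product Name: Norton Update Helper. Product Version: 1.8.1649.5."),
    Event(1033, "Product Name: NORTON UPDATE HELPER. Product Version: 1.8.1649.5."),
    Event(1033, "Product Name: Webroot Example Agent. Product Version: 0.0."),
    Event(1033, "Product Name: Example Remote Tool. Manufacturer: Example Corp"),
    Event(5136, "constructed description mentioning AC Power"),
    Event(5136, "constructed description: object modified (a)"),
    Event(5136, "constructed description: object modified (b)"),
]

if __name__ == "__main__":
    kept, suppressed = filter_events(SAMPLE, compile_exclusions(EXCLUSIONS))
    print("alerting IDs without exclusions:", alerts(SAMPLE, 2))
    print("alerting IDs with exclusions:   ", alerts(kept, 2))
    print("suppressed per ID:", dict(Counter(e.event_id for e in suppressed)))
```

Keeping the suppressed count visible matters because a broad phrase can silently hide events that should have alerted; narrow, per-ID phrases limit that blind spot.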