WebSpy is a Fastvue Product

Support Center

Filtering On Import

Last Updated: May 13, 2016 01:33AM PDT
You can reduce the size of your storages, and increase the speed of reports by filtering your data before you import it into your Storages. You can do this by excluding data you will never be interested in reporting on, such as the 'anonymous' user in FTMG and ISA log files, or any traffic that was not successful. 

To do this use the Filters page of the Import Wizard. 

Some log formats have multiple schemas that data may be imported into, for example, FTMG has a Firewall and a Web schema, and IronPort has a Bounced Mail, a C530 Mail, an Email Encryption Appliance, a Traffic Monitor, and a WSA Access schema.

When you add a filter to your import, it's very important to add the filter to the correct schema, which you will be importing data into, otherwise the filter will not apply to your log files. For example, if you are importing only FTMG Web logs, and you add the filter to the Firewall schema, the filter will never apply to your log files.

On the Filters page of the Import Wizard use the Tabs to select the correct schema that applies to your log files before you specify your filters.

Filtering on Import in WebSpy Vantage

Please see our support article on Filters for more information on the types of filters you can define, and how filters work:

For example, to define a filter to exclude anonymous traffic:
1. Click Add | Field Value Filter
2. Choose Summary: Username; no alias
3. Choose Exclude, then click Add and type in 'anonymous', then click OK

To add a filter to exclude weekend traffic:
1. Click Add | Day Of Week Filter
2. Check the Weekdays checkbox, then click OK

To add a filter to include only business hours:
1. Click Add | Time Of Day Filter
2. Left-click and drag on the time bar the hours you would like to include, or use the Add button to specify other time ranges, down to the individual second. Click OK when you are done.

To add a filter to exclude failed traffic / include only successful traffic:
1. Click Add | Field Value Filter
2. For FTMG logs choose Summary: Action; for IronPort logs choose Summary: Status Code
3. For FTMG choose no alias; for IronPort choose Status Code Groups
4. Choose In
clude, then for FTMG click Add and type in Allowed; for IronPort choose everything except for Client Error and Server Error, then click OK

For other log formats, choose the summary that represents your status codes or action information, then enter the values that define success based on what's recorded in your log files. If you are not sure what this is, import a small sample of your log files with no filters, and run an ad-hoc analysis in Summaries to look at all of the data interactively.

This will allow you to see what is recorded in your log files and what you can use for filters.

Please also see our blog article on excluding entire Summaries or Fields from being imported:

Contact Us

seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found