Skip to main content

Filters

Review the table below to learn more about filters. The filters correspond to Activity Record fields.

FilterDescriptionSupported Operators
RIDActivity Record ID. Limits your search to a unique key of the Activity Record. Max length: 49.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
WhoLimits your search to a specific user who made the change (e.g., Enterprise\Administrator, administrator@enterprise.onmicrosoft.com). Max length: 255.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith, InGroup, NotInGroup
WhereLimits your search to a resource where the change was made (e.g., Enterprise-SQL, FileStorage.enterprise.local). Max length: 255.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
ObjectTypeLimits your search to objects of a specific type only (e.g., user). Max length: 255.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
WhatLimits your search to a specific object that was changed (e.g., NewPolicy). Max length: 1073741822Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
DataSourceLimits your search to the selected data source only (e.g., Active Directory). Max length: 1073741822Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
Monitoring PlanLimits your search to a specific monitoring plan—Netwrix Auditor object that governs data collection. Max length: 255.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
ItemLimits your search to a specific item—object of monitoring—and its type provided in brackets. Max length: 1073741822.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith, Various item types such as AD container, NetApp, Computer, Office 365 tenant, Domain, Oracle Database instance, EMC Isilon, SharePoint farm, etc.
WorkstationLimits your search to an originating workstation from which the change was made (e.g., WKSwin12.enterprise.local). Max length: 1073741822.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
DetailLimits your search results to entries that contain the specified information in Detail. Max length: 1073741822.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
BeforeLimits your search results to entries that contain the specified before value in Detail. Max length: 536870911.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
AfterLimits your search results to entries that contain the specified after value in Detail. Max length: 536870911.Contains (default), DoesNotContain, Equals, NotEqualTo, StartsWith, EndsWith
ActionLimits your search results to certain actions (e.g., Added, Removed, Modified, Read).Equals (default), NotEqualTo, List includes Added, Removed, Modified, Read, Moved, Renamed, Checked in/out, etc.
WhenLimits your search to a specified time range. Supports various date/time formats.Equals (default), NotEqualTo, Within timeframe: Today, Yesterday, LastSevenDays, etc., From..To interval
WorkingHoursLimits your search to the specified working hours. You can track activity outside business hours by using the NotEqualTo operator."From..To" interval, Equals (default), NotEqualTo