Filtering Rules according to "Last response" Field

Hi there,

As I understand, there are 3 kinds of Last response for rules - Succeeded, Warning, and Failure.

I would like to filter rules according to just these 3 statuses. It appears that there is currently no way of doing so, based on what I have seen at both the Rules and Rule Monitoring page (both of which contain the same Last response field). The Up/Down arrow button does not appear when I hover my cursor over the column name (unlike the 3 columns which have this feature - Rule, Last updated and Activated).

The reason why I would like to do so, is because there are some rules which rely on some Beats which I am not using. These rules happen to have the Warning status. Thus, I would like to quickly filter for these rules with Warning status, then deactivate them in one fell swoop.

In summary, I am looking to:

• Either: Filtering rules according to the Last response field
• Or: A way to filter rules based on its data sources

Having both would be awesome in the long-run I suppose, but my immediate need is for the latter.

(P.S. My apologies in advance if this is due to a knowledge gap on my part, rather than an unimplemented feature.)

Thank you for your time!

Hi @inf - You are correct, there is no way currently to actually sort the Last Response field. Would the rules you're looking to filter out have specific tags you can use to filter them?

Hello! Thank you for your reply.

Unfortunately, these rules do not have common tags.

Nonetheless, I greatly appreciate your time in replying! Have a great week ahead.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.