06-17-2026 06:09 AM
Hi team,
I’d like to suggest a small but impactful improvement to the Traffic Logs filtering workflow.
Today, when we click on a value in a log entry (e.g. source IP, destination IP, user, etc.), it automatically adds that value to the search bar as a positive filter (e.g. eq / in). This is extremely useful and significantly speeds up building queries.
However, during investigations, it is very common to also build exclusion filters (e.g. neq / not in) while drilling into traffic patterns. Right now, this requires manually editing the query after adding the value, which slows down the workflow.
Suggestion:
Introduce a quick way to add a value as a negated filter directly from the log view. For example:
neq / not in)
Benefit:
This would significantly speed up investigative workflows by allowing analysts to quickly include or exclude values without manually editing the query syntax, reducing friction and improving usability during time-sensitive troubleshooting.
Thanks for considering this improvement — it would be a great enhancement for daily SOC / network analysis workflows.

