Overview

Follow the instructions provided below to clear specific events from the database backend used by GFI EventsManager.

Process

EventsManager 2011 and older

1. Within GFI EventsManager interface, navigate to the Events Browser tab.
2. Under the Events Browser tab, select the intended event log type tab (example: Windows Events), then select a query under the log type tab.

Note: If there is not a defined query for events you intend to remove, you can create your own custom query to include only these intended events.  Also, be aware that the clear events option removes all events under the query, so it is necessary to configure your query appropriately.

3. Once you have selected the intended query, right-click the query and select to Clear all events.

Another option to purge or relocate specific events is to create a database operation:

1. Within the GFI EventsManager interface, navigate to the Configuration tab.
2. Select the options tab, then select Database Operations on the left under the Configurations section.
3. Create a new job according to the desired task and run immediately or schedule for later.

Note: It is necessary that the task does not exceed 4GB in size when an event purge or relocation is performed. This limitation would have an upper barrier of approximately 4 million events.

EventsManager 2012 SR1 / 2013

Later versions have introduced the logical deletion of events via the events browser. Using the Delete events action from within a view marks the events as deleted within the database.

They are not physically removed from the database, but once deleted they will not be shown in the events browser or reports anymore.