When configuring a new destination in the 'Log Forwarding' tab, found in 'Log Management', of Operations for Logs, the filters 'Text' and 'Matches' do not forward the required logs despite the same filter working in the UI's 'Explore Logs' tab. 

Aria Operations for Logs (Formerly vRealize Log Insight) 8.x

The 'Log Forwarding' filter does not behave in the same way as the 'Explore Logs' filter. Machine learning is used to optimize results in 'Explore Logs' and is not available for 'Log Forwarding' 

To filter logs for specific words using the 'Text' and 'Matches' filters, you will need to add a wildcard (*) to the start and end of the search term.

Example;

• You want to forward password change events to SIEM. The term 'password was changed' will catch the event in 'Explore Logs'. 
• When configuring a new log forwarding destination, use the filter 'Text' and 'Matches' and the following search term;

  • *password was changed*

• If you are trying to forward from specific hosts, please add a hostname filter before the text filter.
• You can add extra text filters to the same line by hitting the 'enter' key after each search term.