Overlapping Filter Application?

by Feb 27, 2015

How do overlapping filters get handled by Compliance Manager. For example, I want a general filter that brings in anything from domainuser1 for all sql servers, but I also want an additional filter on a single SQL Server to also bring in only entries from domainuser2 and domainuser3.

In the end, I want to collect all events from domainuser1, domainuser2 and domainuser3.

We have attempted to set this up in a number of ways, but have had no success. Overlapping rules (one for all sql servers and one for a particular instance) don’t appear to be combined and applied on collect.

Is this intended functionality? How does the collection process decide which filters to apply?

Thanks for any clarification you can provide on this critical issue for us.