If you create a brand new user, and login as that user, you should get the defaults back. You can then export them (one group at a time), and import them back to the other user
Thank you Guac
I was logging into the LEM as a DS User in the Administrator role. This is where I started working in LEM. This is the user where I started to question my filters after working with them for a couple weeks.
Following your advice, I built a LEM User and gave it the Administrator role. I logged in as that user and took screen shots of the filter list. (Interest note here, I was able to see filters that I had created with my DS User. I wasn't expecting to see that. I assumed that filters would not be available to other users.) I then logged in with my DS User and started comparing the filter list. They matched up, all the filters the LEM User has, the DS User has as well. So this would appear that I haven't screwed up the DS User filter too badly :-)
However, now I'm curious about the aforementioned new filters I created with my DS User. Would all users in the Administrator role have the same filters? As an experiment, as the DS User, I moved the filters I created from one group (IT Operations) to another group (My Filters). I then logged out of the DS User and logged in as the LEM user. I saw the changes I made as the DS User. In other words, the LEM user sees the moves the DS User made.
Is this normal or expected behavior?
I found a blog post at: Detecting Malicious Insiders with Log & Event Manager and compared what the poster was calling out-of-the-box filters and discovered I don't have the following (either as my original DS User or my newly created LEM User)
Change Management > UserDisable
IT Operations > Web Errors
> Process Auditing
Would it be possible to post the filter conditions/notifications/etc.?