About Filters
Last updated on 25 August, 2023LM Dexda has a common filter component that lets you define a query filter in a consistent way across functionality like charts, rules, and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. Available fields vary depending on the input from the selected data source – events, alerts, or insights.
This article describes the filter concept and available fields and operators. For information on how to create a filter, see Creating Filters.
Filter Conditions
Charts in dashboards, rules, and action groups all make use of the Filter component. The location of the filter on the page varies depending on the functionality. A filter can contain one or more conditions, where the filter condition is defined by the combination of field, operator and value. A filter has a default top level condition that cannot be removed, and you add conditions under this using AND or OR operators.
You build a filter condition as follows:
- Select a field to filter on. For more information, see Filter Fields.
- Select an operator (CONTAINS, EQUALS and so on). For more information, see Filter Operators.
- Enter a value.
- Create filter nodes using AND or OR operators if needed.
Filter Operators
The type of filter condition you select determines the values that you need to provide for the condition. The following describes operators and fields available when configuring filters for example for charts, rules, and action groups.
Note: Operators available for selection depends on the context in which you configure the filter.
| Parameter | Description |
| Contains | Substring match using the list of supplied values, where each value is interpreted as a string. Example: “nyk1245” matches “nyk1245”. |
| Not contains | Opposite of Contains. |
| In | Exact match using the list of supplied values, where each value can be a string or a number. Example: “nyk1245” matches “nyk1245”. |
| Not in | Opposite of In. |
| Empty | Field has no value. |
| Not empty | Opposite of Empty. |
| Equals | Matches supplied value exactly. |
| Not equals | Opposite of Equals. |
| Greater than | Greater than supplied value, where value is a number. |
| Greater than equal | Greater than or equal to supplied value, where value is a number. |
| Less than | Less than supplied value, where value is a number. |
| Less than equal | Less than or equal to, supplied value, where value is a number. |
| Within | A time window relative to a specified time: Minutes is 60 secondsform now; Hour is 1 hour from now; Day is 24 hours from now; Month is a calendar month from now; Year is a calendar year from now. |
| Older than | A time window relative to a specified time, see Within. |
Filter Fields
The fields described in the following are available when building filters.
Note: Fields available for selection depends on the context in which you configure the filter. For example, the chart source or a rule’s action determine the record type passed into the condition.
| Field | Description |
| _id | The ID of the database record. |
| # Alerts | Number of alerts, alert count. |
| # Events | Number of events, event count. |
| Actioned By | |
| Additional Comments (Customer Visible) | |
| Agent CI | Agent confiuration item. |
| Agent ID | ID of the agent. |
| Agent IP | IP address of the agent. |
| Agent Timestamp | |
| Alert Key | |
| Alert Key List | |
| Application | |
| Approval Group | |
| Asset | |
| Asset Tag | |
| Assigned To | The assignee of an alert or insight. |
| Assigment group | The assigned group for an alert or insight. |
| Attributes | |
| Caller | |
| Category | |
| Causal CI | The configuration item casuing an issue. |
| Checked in | |
| Checked out | |
| CI | Configuration item, for example a server or cloud instance. |
| Close notes | |
| Contact Type | |
| Comments | |
| Company | |
| Configuration Item | |
| Correlation ID | |
| Created Timestamp | |
| Department | |
| Description | |
| Display Name | |
| DNS Domain | |
| Details | |
| Earliest Event Timestamp | |
| Environment | |
| Escalation | The state of the workflow for an alert. |
| First Timestamp | |
| Fully qualified domain name | |
| Highest Severity | The highest severity level for an alert within a cluster. |
| Impact | |
| Impacted CIs | |
| Install Status | |
| Insight Key | |
| Insight Key List | |
| IP address | |
| Justification | |
| Last Timestamp | |
| Latest Event Timestamp | |
| Lease Contract | |
| Location | |
| Lowest Severity | The lowest severity level for an alert in a cluster. |
| MAC address | |
| Maintenance schedule | |
| Managed by | |
| Manufacturer | |
| ML Description | |
| ML Severity | |
| ML Source | |
| ML State | |
| ML Processor Timestamp | |
| ML UI Result | |
| Model category of component | |
| Model ID | |
| Model ID List | |
| Model number | |
| Monitor | |
| Most recent discovery | |
| Name | |
| Number | |
| Number of Rules Triggered | |
| Object | |
| Operational status | |
| Operating system | Operating system associated with a resource. |
| Organisation ID | |
| Original Key | |
| Owned by | |
| Parent | |
| Permanent URL | |
| Pipeline Timestamp | |
| Priority | |
| Region | |
| Requires verification | |
| Resolution Code | |
| RTO | |
| Rule Key | |
| Rule Name | The name of the rule applied. |
| Rule Value | |
| Rules Ids Triggered List | |
| Receiver ID | |
| Receiver Timestamp | |
| Serial number | |
| ServiceNow Incident ID | ID of an associated ticket in ServiceNow. |
| ServiceNow Incident Priority | Priority of an associated ticket in ServiceNow. |
| ServiceNow Incident URL | Link to an associated ticket in ServiceNow. |
| ServiceNow Incident Runbook URL | Link to an associated automation runbook in ServiceNow. |
| Severity | Severity level for an item. |
| Short description | |
| Source | |
| Source Record | |
| State | The state for an insight in the processing flow. See About Insights. |
| Status | |
| Sub Category | |
| Support Group | |
| Supported by | |
| Sys ID | |
| System Class Name | |
| Tags | Tags derived from the correlation model, summarizing associated item descriptions and relevant keywords. See Exploring Data. |
| Time | |
| Timestamp | |
| Updated Timestamp | |
| Urgency | |
| URL | |
| Vendor | |
| Version | |
| Warranty expiration | Enriching information added to ticket from ServiceNow. |
| Work Notes | Notes added to ticket in ServiceNow. |