About Filters
Last updated on 27 March, 2023
Dexda has a common filter component that lets you define a query filter in a consistent way across functionality such as charts, rules and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. Available fields vary depending on the data source selected as input: events, alerts, or insights.
The following describes the filter concept and available fields and operators. For information on how to create a filter, see Creating Filters.
Charts in dashboards, rules, and action groups all make use of the Filter component. The location of the filter on the page varies depending on the functionality. A filter can contain one or more conditions, where each filter condition is made up of the combination of field, operator and value. A filter has a default top-level condition that cannot be removed, and you add conditions under this using AND or OR operators.
You build a filter condition as follows:
- Select a field to filter on, see Filter Fields.
- Select an operator (CONTAINS, EQUALS and so on), see Filter Operators.
- Enter a value.
- Create filter nodes using AND or OR operators if needed.
Dexda supports a number of filter conditions. The type of condition you select determines the values that you need to provide for the condition. The following describes operators and fields available when configuring filters, for example for charts, rules, and action groups.
The operators described in the following are available when building filters.
Note: Operators available for selection are determined by the context in which you configure the filter.
|Operator|Description|
|---|---|
|Contains|Substring match using the list of supplied values, where each value is interpreted as a string. Example: “nyk1245” matches “nyk1245”.|
|Not contains|Opposite of Contains.|
|In|Exact match using the list of supplied values, where each value can be a string or a number. Example: “nyk1245” matches “nyk1245”.|
|Not in|Opposite of In.|
|Empty|Field has no value…??|
|Not empty|Opposite of Empty.|
|Equals|Matches supplied value exactly.|
|Not equals|Opposite of Equals.|
|Greater than|Greater than supplied value, where value is a number.|
|Greater than equal|Greater than or equal to supplied value, where value is a number.|
|Less than|Less than supplied value, where value is a number.|
|Less than equal|Less than or equal to supplied value, where value is a number.|
|Within|A time window relative to a specified time: Minutes is 60 seconds from now; Hour is 1 hour from now; Day is 24 hours from now; Month is a calendar month from now; Year is a calendar year from now.|
|Older than|A time window relative to a specified time, see Within.|
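The operator semantics in the table above, together with the AND/OR nesting of conditions, can be modelled in a few lines. The following Python is an added example, not Dexda code: the dictionary layout of a filter node, the `evaluate` function and the sample alert are assumptions made for illustration, as are case-sensitive matching and treating a missing field as empty. The Within and Older than time operators are left out.

```python
# Hypothetical model of the filter semantics described above; not Dexda code.
import operator
from typing import Any, Callable

def _is_empty(v: Any) -> bool:
    # Assumption: a missing field, None, "" and [] all count as "no value".
    return v is None or v == "" or v == []

def _numeric(cmp: Callable[[Any, Any], bool]) -> Callable[[Any, Any], bool]:
    # Numeric comparisons never match a field that holds no number.
    return lambda f, v: isinstance(f, (int, float)) and cmp(f, v)

OPERATORS: dict[str, Callable[[Any, Any], bool]] = {
    "Contains": lambda f, vals: not _is_empty(f) and any(str(v) in str(f) for v in vals),
    "In": lambda f, vals: f in vals,
    "Empty": lambda f, _: _is_empty(f),
    "Equals": lambda f, v: f == v,
    "Greater than": _numeric(operator.gt),
    "Greater than equal": _numeric(operator.ge),
    "Less than": _numeric(operator.lt),
    "Less than equal": _numeric(operator.le),
}
NEGATED = {"Not contains": "Contains", "Not in": "In",
           "Not empty": "Empty", "Not equals": "Equals"}

def evaluate(node: dict, record: dict) -> bool:
    """Evaluate a filter node (AND/OR group or single condition) on a record."""
    if "conditions" in node:
        results = (evaluate(child, record) for child in node["conditions"])
        return all(results) if node["join"] == "AND" else any(results)
    op, value = node["operator"], node.get("value")
    field_value = record.get(node["field"])
    if op in NEGATED:
        return not OPERATORS[NEGATED[op]](field_value, value)
    return OPERATORS[op](field_value, value)

# Constructed sample alert and filter (values are illustrative only).
ALERT = {"CI": "nyk1245", "Severity": 4, "# Events": 12, "Assigned To": ""}
FILTER = {"join": "AND", "conditions": [
    {"field": "CI", "operator": "Contains", "value": ["nyk", "lon"]},
    {"join": "OR", "conditions": [
        {"field": "Severity", "operator": "Greater than equal", "value": 4},
        {"field": "# Events", "operator": "Greater than", "value": 100}]},
    {"field": "Assigned To", "operator": "Empty"},
]}

if __name__ == "__main__":
    print(evaluate(FILTER, ALERT))
```

With the sample alert, a Contains condition on the value `nyk` matches the CI `nyk1245`, while an In condition on the same value does not, because In requires the whole field to equal one of the supplied values.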
The fields described in the following are available when building filters.
Note: Fields available for selection are determined by the context in which you configure the filter. For example, the chart source or a rule’s action determine the record type passed into the condition.
|Field|Description|
|---|---|
|_id|The ID of the database record.|
|# Alerts|Number of alerts, alert count.|
|# Events|Number of events, event count.|
|Additional Comments (Customer Visible)| |
|Agent CI|Agent configuration item.|
|Agent ID|ID of the agent.|
|Agent IP|IP address of the agent.|
|Alert Key List| |
|Assigned To|The assignee of an alert or insight.|
|Assignment group|The assigned group for an alert or insight.|
|Causal CI|The configuration item causing an issue.|
|CI|Configuration item, for example a server or cloud instance.|
|Correlation ID|The ID for the…??|
|Earliest Event Timestamp| |
|Escalation|The state of the workflow for an alert.|
|Fully qualified domain name| |
|Highest Severity|The highest severity level for an alert within a cluster…??|
|Insight Key List| |
|IP address|The IP address for the…??|
|Latest Event Timestamp| |
|Lowest Severity|The lowest severity level for an alert in a cluster…??|
|MAC address|The MAC address for the…??|
|ML Processor Timestamp| |
|ML UI Result| |
|Model category of component| |
|Model ID List| |
|Most recent discovery| |
|Number of Rules Triggered|Number of rules triggered when…??|
|Operating system|Operating system associated with…??|
|Permanent URL|The link to the insight in…??|
|Region|The geographical region to be associated with a correlation model step…??|
|Rule Name|The name of the rule applied to…??|
|Rules Ids Triggered List|List of rules applied to…??|
|ServiceNow Incident ID|ID of an associated ticket in ServiceNow.|
|ServiceNow Incident Priority|Priority of an associated ticket in ServiceNow.|
|ServiceNow Incident URL|Link to an associated ticket in ServiceNow.|
|ServiceNow Incident Runbook URL|Link to an associated automation runbook in ServiceNow.|
|Severity|Severity level for an item.|
|Source|The originating source for…??|
|State|The state for an insight in the processing flow…?? See About Insights.|
|System Class Name| |
|Tags|Tags derived from the correlation model, summarizing associated item descriptions and relevant keywords. See Exploring Data.|
|Warranty expiration|Enriching information added to ticket from ServiceNow…??|
|Work Notes|Notes added to ticket in ServiceNow…??|