About Filters

Last updated on 27 March, 2023

Dexda has a common filter component that lets you define a query filter in a consistent way across functionality such as charts, rules, and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. The available fields vary depending on the data source (events, alerts, or insights) used as input.

The following describes the filter concept and available fields and operators. For information on how to create a filter, see Creating Filters.

Filter Conditions

Charts in dashboards, rules, and action groups all make use of the Filter component. The location of the filter on the page varies depending on the functionality. A filter can contain one or more conditions, where each filter condition is made up of the combination of field, operator, and value. A filter has a default top-level condition that cannot be removed, and you add conditions under this using AND or OR operators.

You build a filter condition as follows:

  • Select a field to filter on, see Filter Fields.
  • Select an operator (CONTAINS, EQUALS and so on), see Filter Operators.
  • Enter a value.
  • Create filter nodes using AND or OR operators if needed.

Dexda supports a number of filter conditions. The type of condition you select determines the values that you need to provide for the condition. The following sections describe the operators and fields available when configuring filters, for example for charts, rules, and action groups.

Filter Operators

The operators described in the following are available when building filters.

Note: Operators available for selection are determined by the context in which you configure the filter.

Parameter | Description
Contains | Substring match using the list of supplied values, where each value is interpreted as a string. Example: “nyk1245” matches “nyk1245”.
Not contains | Opposite of Contains.
In | Exact match using the list of supplied values, where each value can be a string or a number. Example: “nyk1245” matches “nyk1245”.
Not in | Opposite of In.
Empty | Field has no value…??
Not empty | Opposite of Empty.
Equals | Matches supplied value exactly.
Not equals | Opposite of Equals.
Greater than | Greater than supplied value, where value is a number.
Greater than equal | Greater than or equal to supplied value, where value is a number.
Less than | Less than supplied value, where value is a number.
Less than equal | Less than or equal to supplied value, where value is a number.
Within | A time window relative to a specified time: Minutes is 60 seconds from now; Hour is 1 hour from now; Day is 24 hours from now; Month is a calendar month from now; Year is a calendar year from now.
Older than | A time window relative to a specified time, see Within.
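
The sketch below is an added example, not Dexda's code or API: it models how the operators above combine under AND/OR nodes when a filter is evaluated against alert records. The dict-based filter layout, the snake_case operator names, the any-of reading of value lists for Contains, the reading of Within as a trailing window from a reference time (minute, hour and day units only), the numeric Severity, and the sample alerts are all assumptions made for illustration.

```python
import operator
from datetime import datetime, timedelta, timezone

UNITS = {"minute": timedelta(minutes=1), "hour": timedelta(hours=1), "day": timedelta(days=1)}
def _num(cmp):  # numeric comparison; a missing or non-numeric field never matches
    return lambda v, a, now: isinstance(v, (int, float)) and cmp(v, a)
def _cutoff(a, now):  # a = (count, unit), e.g. (1, "hour"); assumed window format
    return now - a[0] * UNITS[a[1]]

OPS = {
    "contains": lambda v, a, now: v is not None and any(str(x) in str(v) for x in a),
    "in": lambda v, a, now: v in a,
    "empty": lambda v, a, now: v in (None, "", []),
    "equals": lambda v, a, now: v == a,
    "greater_than": _num(operator.gt),
    "greater_than_equal": _num(operator.ge),
    "less_than": _num(operator.lt),
    "less_than_equal": _num(operator.le),
    "within": lambda v, a, now: v is not None and _cutoff(a, now) <= v <= now,
    "older_than": lambda v, a, now: v is not None and v < _cutoff(a, now),
}
NEGATED = {"not_contains": "contains", "not_in": "in", "not_empty": "empty", "not_equals": "equals"}

def matches(node, record, now):  # node: condition dict, or {"AND": [...]} / {"OR": [...]}
    if "AND" in node:
        return all(matches(n, record, now) for n in node["AND"])
    if "OR" in node:
        return any(matches(n, record, now) for n in node["OR"])
    value, arg, op = record.get(node["field"]), node.get("value"), node["op"]
    if op in NEGATED:  # the "Not ..." operators are the opposite of their base operator
        return not OPS[NEGATED[op]](value, arg, now)
    return OPS[op](value, arg, now)

NOW = datetime(2023, 3, 27, 12, 0, tzinfo=timezone.utc)  # fixed reference time for the example
ALERTS = [  # constructed sample records, not real data
    {"_id": "a", "Severity": 5, "CI": "nyk1245", "Assigned To": "ops", "Timestamp": NOW - timedelta(minutes=10)},
    {"_id": "b", "Severity": 5, "CI": "lon0001", "Timestamp": NOW - timedelta(minutes=30)},
    {"_id": "c", "Severity": 2, "CI": "nyk1245", "Timestamp": NOW - timedelta(minutes=5)},
    {"_id": "d", "Severity": 5, "CI": "nyk9999", "Timestamp": NOW - timedelta(hours=3)},
    {"_id": "e", "Severity": 5, "CI": "lon0002", "Assigned To": "ops", "Timestamp": NOW - timedelta(minutes=1)},
]
FILTER = {"AND": [
    {"field": "Severity", "op": "greater_than_equal", "value": 4},
    {"field": "Timestamp", "op": "within", "value": (1, "hour")},
    {"OR": [{"field": "CI", "op": "contains", "value": ["nyk"]}, {"field": "Assigned To", "op": "empty"}]},
]}

def select(flt, records, now=NOW):
    return [r["_id"] for r in records if matches(flt, r, now)]
```

Alert "b" is selected only because its missing Assigned To field satisfies Empty, which is the kind of interaction worth checking before a filter drives a rule or action group.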

Filter Fields

The fields described in the following are available when building filters.

Note: Fields available for selection are determined by the context in which you configure the filter. For example, the chart source or a rule’s action determine the record type passed into the condition.

Field | Description
_id | The ID of the database record.
# Alerts | Number of alerts, alert count.
# Events | Number of events, event count.
Actioned By |
Additional Comments (Customer Visible) |
Agent CI | Agent configuration item.
Agent ID | ID of the agent.
Agent IP | IP address of the agent.
Agent Timestamp |
Alert Key |
Alert Key List |
Application |
Approval Group |
Asset |
Asset Tag |
Assigned To | The assignee of an alert or insight.
Assignment group | The assigned group for an alert or insight.
Attributes |
Caller |
Category |
Causal CI | The configuration item causing an issue.
Checked in |
Checked out |
CI | Configuration item, for example a server or cloud instance.
Close notes |
Contact Type |
Comments |
Company |
Configuration Item |
Correlation ID | The ID for the…??
Created Timestamp |
Department |
Description |
Display Name |
DNS Domain |
Details |
Earliest Event Timestamp |
Environment |
Escalation | The state of the workflow for an alert.
First Timestamp |
Fully qualified domain name |
Highest Severity | The highest severity level for an alert within a cluster…??
Impact |
Impacted CIs |
Install Status |
Insight Key |
Insight Key List |
IP address | The IP address for the…??
Justification |
Last Timestamp |
Latest Event Timestamp |
Lease Contract |
Location |
Lowest Severity | The lowest severity level for an alert in a cluster…??
MAC address | The MAC address for the…??
Maintenance schedule |
Managed by |
Manufacturer |
ML Description |
ML Severity |
ML Source |
ML State |
ML Processor Timestamp |
ML UI Result |
Model category of component |
Model ID |
Model ID List |
Model number |
Monitor |
Most recent discovery |
Name |
Number |
Number of Rules Triggered | Number of rules triggered when…??
Object |
Operational status |
Operating system | Operating system associated with…??
Organisation ID |
Original Key |
Owned by |
Parent |
Permanent URL | The link to the insight in…??
Pipeline Timestamp |
Priority |
Region | The geographical region to be associated with a correlation model step…??
Requires verification |
Resolution Code |
RTO |
Rule Key |
Rule Name | The name of the rule applied to…??
Rule Value |
Rules Ids Triggered List | List of rules applied to…??
Receiver ID |
Receiver Timestamp |
Serial number |
ServiceNow Incident ID | ID of an associated ticket in ServiceNow.
ServiceNow Incident Priority | Priority of an associated ticket in ServiceNow.
ServiceNow Incident URL | Link to an associated ticket in ServiceNow.
ServiceNow Incident Runbook URL | Link to an associated automation runbook in ServiceNow.
Severity | Severity level for an item.
Short description |
Source | The originating source for…??
Source Record |
State | The state for an insight in the processing flow…?? See About Insights.
Status |
Sub Category |
Support Group |
Supported by |
Sys ID |
System Class Name |
Tags | Tags derived from the correlation model, summarizing associated item descriptions and relevant keywords. See Exploring Data.
Time |
Timestamp |
Updated Timestamp |
Urgency |
URL |
Vendor |
Version |
Warranty expiration | Enriching information added to ticket from ServiceNow…??
Work Notes | Notes added to ticket in ServiceNow…??