About Filters

Last updated on 25 August, 2023

LM Dexda has a common filter component that lets you define a query filter in a consistent way across functionality like charts, rules, and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. Available fields vary depending on the input from the selected data source – events, alerts, or insights.

This article describes the filter concept and available fields and operators. For information on how to create a filter, see Creating Filters.

Filter Conditions

Charts in dashboards, rules, and action groups all make use of the Filter component. The location of the filter on the page varies depending on the functionality. A filter can contain one or more conditions, where the filter condition is defined by the combination of fieldoperator and value. A filter has a default top level condition that cannot be removed, and you add conditions under this using AND or OR operators.

You build a filter condition as follows:

  1. Select a field to filter on. For more information, see Filter Fields.
  2. Select an operator (CONTAINS, EQUALS and so on). For more information, see Filter Operators.
  3. Enter a value.
  4. Create filter nodes using AND or OR operators if needed.

Filter Operators

The type of filter condition you select determines the values that you need to provide for the condition. The following describes operators and fields available when configuring filters for example for charts, rules, and action groups.

Note: Operators available for selection depends on the context in which you configure the filter.

ContainsSubstring match using the list of supplied values, where each value is interpreted as a string. Example: “nyk1245” matches “nyk1245”.
Not containsOpposite of Contains.
InExact match using the list of supplied values, where each value can be a string or a number. Example: “nyk1245” matches “nyk1245”.
Not inOpposite of In.
EmptyField has no value.
Not emptyOpposite of Empty.
EqualsMatches supplied value exactly.
Not equalsOpposite of Equals.
Greater thanGreater than supplied value, where value is a number.
Greater than equalGreater than or equal to supplied value, where value is a number.
Less thanLess than supplied value, where value is a number.
Less than equalLess than or equal to, supplied value, where value is a number.
WithinA time window relative to a specified time: Minutes is 60 secondsform now; Hour is 1 hour from now; Day is 24 hours from now; Month is a calendar month from now; Year is a calendar year from now.
Older thanA time window relative to a specified time, see Within.

Filter Fields

The fields described in the following are available when building filters.

Note: Fields available for selection depends on the context in which you configure the filter. For example, the chart source or a rule’s action determine the record type passed into the condition.

_idThe ID of the database record.
# AlertsNumber of alerts, alert count.
# EventsNumber of events, event count.
Actioned By
Additional Comments (Customer Visible)
Agent CIAgent confiuration item.
Agent IDID of the agent.
Agent IPIP address of the agent.
Agent Timestamp
Alert Key
Alert Key List
Approval Group
Asset Tag
Assigned ToThe assignee of an alert or insight.
Assigment groupThe assigned group for an alert or insight.
Causal CIThe configuration item casuing an issue.
Checked in
Checked out
CIConfiguration item, for example a server or cloud instance.
Close notes
Contact Type
Configuration Item
Correlation ID
Created Timestamp
Display Name
DNS Domain
Earliest Event Timestamp
EscalationThe state of the workflow for an alert.
First Timestamp
Fully qualified domain name
Highest SeverityThe highest severity level for an alert within a cluster.
Impacted CIs
Install Status
Insight Key
Insight Key List
IP address
Last Timestamp
Latest Event Timestamp
Lease Contract
Lowest SeverityThe lowest severity level for an alert in a cluster.
MAC address
Maintenance schedule
Managed by
ML Description
ML Severity
ML Source
ML State
ML Processor Timestamp
ML UI Result
Model category of component
Model ID
Model ID List
Model number
Most recent discovery
Number of Rules Triggered
Operational status
Operating systemOperating system associated with a resource.
Organisation ID
Original Key
Owned by
Permanent URL
Pipeline Timestamp
Requires verification
Resolution Code
Rule Key
Rule NameThe name of the rule applied.
Rule Value
Rules Ids Triggered List
Receiver ID
Receiver Timestamp
Serial number
ServiceNow Incident IDID of an associated ticket in ServiceNow.
ServiceNow Incident PriorityPriority of an associated ticket in ServiceNow.
ServiceNow Incident URLLink to an associated ticket in ServiceNow.
ServiceNow Incident Runbook URLLink to an associated automation runbook in ServiceNow.
SeveritySeverity level for an item.
Short description
Source Record
StateThe state for an insight in the processing flow. See About Insights.
Sub Category
Support Group
Supported by
Sys ID
System Class Name
TagsTags derived from the correlation model, summarizing associated item descriptions and relevant keywords. See Exploring Data.
Updated Timestamp
Warranty expirationEnriching information added to ticket from ServiceNow.
Work NotesNotes added to ticket in ServiceNow.
In This Article