LM Dexda has a common filter component that lets you define a query filter in a consistent way across functionality like charts, rules, and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. Available fields vary depending on the input from the selected data source – events, alerts, or insights.
This article describes the filter concept and available fields and operators. For information on how to create a filter, see Creating Filters.
Charts in dashboards, rules, and action groups all make use of the Filter component. The location of the filter on the page varies depending on the functionality. A filter can contain one or more conditions, where each filter condition is defined by the combination of field, operator, and value. A filter has a default top-level condition that cannot be removed, and you add conditions under it using AND or OR operators.
You build a filter condition as follows:
- Select a field to filter on. For more information, see Filter Fields.
- Select an operator (CONTAINS, EQUALS and so on). For more information, see Filter Operators.
- Enter a value.
- Create filter nodes using AND or OR operators if needed.
The type of filter condition you select determines the values that you need to provide for the condition. The following sections describe the operators and fields available when configuring filters, for example for charts, rules, and action groups.
Note: The operators available for selection depend on the context in which you configure the filter.
| Operator | Description |
|---|---|
| Contains | Substring match using the list of supplied values, where each value is interpreted as a string. Example: “nyk1245” matches “nyk1245”. |
| Not contains | Opposite of Contains. |
| In | Exact match using the list of supplied values, where each value can be a string or a number. Example: “nyk1245” matches “nyk1245”. |
| Not in | Opposite of In. |
| Empty | Field has no value. |
| Not empty | Opposite of Empty. |
| Equals | Matches supplied value exactly. |
| Not equals | Opposite of Equals. |
| Greater than | Greater than supplied value, where value is a number. |
| Greater than equal | Greater than or equal to supplied value, where value is a number. |
| Less than | Less than supplied value, where value is a number. |
| Less than equal | Less than or equal to supplied value, where value is a number. |
| Within | A time window relative to a specified time: Minutes is 60 seconds from now; Hour is 1 hour from now; Day is 24 hours from now; Month is a calendar month from now; Year is a calendar year from now. |
| Older than | A time window relative to a specified time, see Within. |
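To make the operator semantics and the AND/OR nesting concrete, the following added example (not LM Dexda code or an LM Dexda API) models a filter as a nested dictionary and evaluates it over constructed records. The dictionary layout, the lowercase operator keys, and the sample values are assumptions made for illustration; the time-window operators Within and Older than are left out.

```python
import operator

def _values(v):
    """Contains and In take a list of supplied values; accept a single one too."""
    return v if isinstance(v, list) else [v]

def _numeric(compare):
    # Numeric operators only match when the field actually holds a number.
    return lambda f, v: isinstance(f, (int, float)) and compare(f, v)

OPERATORS = {
    "contains": lambda f, v: f is not None and any(str(x) in str(f) for x in _values(v)),
    "in": lambda f, v: f in _values(v),          # exact match against the list
    "empty": lambda f, v: f in (None, "", []),   # field has no value
    "equals": lambda f, v: f == v,
    "greater_than": _numeric(operator.gt),
    "greater_than_equal": _numeric(operator.ge),
    "less_than": _numeric(operator.lt),
    "less_than_equal": _numeric(operator.le),
}
# Each "Not ..." operator is the opposite of its base operator.
NEGATED = {"not_contains": "contains", "not_in": "in",
           "not_empty": "empty", "not_equals": "equals"}

def matches(node, record):
    """Evaluate one condition, or an AND/OR node holding child conditions."""
    if "conditions" in node:
        results = [matches(child, record) for child in node["conditions"]]
        return all(results) if node["join"] == "AND" else any(results)
    op, field_value = node["operator"], record.get(node["field"])
    if op in NEGATED:
        return not OPERATORS[NEGATED[op]](field_value, node.get("value"))
    return OPERATORS[op](field_value, node.get("value"))

def select(filter_tree, records):
    """Return the CI of every record that passes the filter."""
    return [r["CI"] for r in records if matches(filter_tree, r)]

# Constructed sample records; the keys are field names from this article.
RECORDS = [
    {"CI": "nyk1245", "# Alerts": 7, "Assigned To": "jdoe"},
    {"CI": "nyk1300", "# Alerts": 2, "Assigned To": ""},
    {"CI": "lon0042", "# Alerts": 9, "Assigned To": ""},
    {"CI": "nyk2000", "# Alerts": 1, "Assigned To": "asmith"},
]
# Top-level condition, with an OR node added under it using AND.
FILTER = {"join": "AND", "conditions": [
    {"field": "CI", "operator": "contains", "value": ["nyk"]},
    {"join": "OR", "conditions": [
        {"field": "# Alerts", "operator": "greater_than_equal", "value": 5},
        {"field": "Assigned To", "operator": "empty"}]}]}

if __name__ == "__main__":
    print(select(FILTER, RECORDS))
```

Swapping `contains` for `in` in the first condition returns no records, because In requires the whole field value to equal one of the supplied values.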
The fields described in the following are available when building filters.
Note: The fields available for selection depend on the context in which you configure the filter. For example, the chart source or a rule’s action determines the record type passed into the condition.
| Field | Description |
|---|---|
| _id | The ID of the database record. |
| # Alerts | Number of alerts, alert count. |
| # Events | Number of events, event count. |
| Additional Comments (Customer Visible) | |
| Agent CI | Agent configuration item. |
| Agent ID | ID of the agent. |
| Agent IP | IP address of the agent. |
| Alert Key List | |
| Assigned To | The assignee of an alert or insight. |
| Assignment group | The assigned group for an alert or insight. |
| Causal CI | The configuration item causing an issue. |
| CI | Configuration item, for example a server or cloud instance. |
| Earliest Event Timestamp | |
| Escalation | The state of the workflow for an alert. |
| Fully qualified domain name | |
| Highest Severity | The highest severity level for an alert within a cluster. |
| Insight Key List | |
| Latest Event Timestamp | |
| Lowest Severity | The lowest severity level for an alert in a cluster. |
| ML Processor Timestamp | |
| ML UI Result | |
| Model category of component | |
| Model ID List | |
| Most recent discovery | |
| Number of Rules Triggered | |
| Operating system | Operating system associated with a resource. |
| Rule Name | The name of the rule applied. |
| Rules Ids Triggered List | |
| ServiceNow Incident ID | ID of an associated ticket in ServiceNow. |
| ServiceNow Incident Priority | Priority of an associated ticket in ServiceNow. |
| ServiceNow Incident URL | Link to an associated ticket in ServiceNow. |
| ServiceNow Incident Runbook URL | Link to an associated automation runbook in ServiceNow. |
| Severity | Severity level for an item. |
| State | The state for an insight in the processing flow. See About Insights. |
| System Class Name | |
| Tags | Tags derived from the correlation model, summarizing associated item descriptions and relevant keywords. See Exploring Data. |
| Warranty expiration | Enriching information added to ticket from ServiceNow. |
| Work Notes | Notes added to ticket in ServiceNow. |