About Filters
Last updated on 27 March, 2023Dexda has a common filter component that lets you define a query filter in a consistent way across functionality like charts, rules and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. Available fields vary depending on the selected data source – events, alerts, or insights, used as input.
The following describes the filter concept and available fields and operators. For information on how to create a filter, see Creating Filters.
Filter Conditions
Charts in dashboards, rules, and action groups all make use of the Filter component. The location of the filter on the page varies depending on the functionality. A filter can contain one or more conditions, where the filter condition is made up by the combination of field, operator and value. A filter has a default top level condition that cannot be removed, and you add conditions under this using AND or OR operators.
You build a filter condition as follows:
- Select a field to filter on, see Filter Fields.
- Select and operator (CONTAINS, EQUALS and so on), see Filter Operators.
- Enter a value.
- Create filter nodes using AND or OR operators if needed.
Dexda supports a number of filter conditions. The type of condition you select determines the values that you need to provide for the condition. The following describes operators and fields available when configuring filters for exampel for charts, rules, and action groups.
Filter Operators
The operators described in the following are available when building filters.
Note: Operators available for selection are determined by the context in which you configure the filter
| Parameter | Description |
| Contains | Substring match using the list of supplied values, where each value is interpreted as a string. Example: “nyk1245” matches “nyk1245”. |
| Not contains | Opposite of Contains. |
| In | Exact match using the list of supplied values, where each value can be a string or a number. Example: “nyk1245” matches “nyk1245”. |
| Not in | Opposite of In. |
| Empty | Field has no value…?? |
| Not empty | Opposite of Empty. |
| Equals | Matches supplied value exactly. |
| Not equals | Opposite of Equals. |
| Greater than | Greater than supplied value, where value is a number. |
| Greater than equal | Greater than or equal to supplied value, where value is a number. |
| Less than | Less than supplied value, where value is a number. |
| Less than equal | Less than or equal to, supplied value, where value is a number. |
| Within | A time window relative to a specified time: Minutes is 6o secondsform now; Hour is 1 hour from now; Day is 24 hours from now; Month is a calendar month from now; Year is a calendar year from now. |
| Older than | A time window relative to a specified time, see Within. |
Filter Fields
The fields described in the following are available when building filters.
Note: Fields available for selection are determined by the context in which you configure the filter. For example, the chart source or a rule’s action determine the record type passed into the condition.
| Field | Description |
| _id | The ID of the database record. |
| # Alerts | Number of alerts, alert count. |
| # Events | Number of events, event count. |
| Actioned By | |
| Additional Comments (Customer Visible) | |
| Agent CI | Agent confiuration item. |
| Agent ID | ID of the agent. |
| Agent IP | IP address of the agent. |
| Agent Timestamp | |
| Alert Key | |
| Alert Key List | |
| Application | |
| Approval Group | |
| Asset | |
| Asset Tag | |
| Assigned To | The assignee of an alert or insight. |
| Assigment group | The assigned group for an alert or insight. |
| Attributes | |
| Caller | |
| Category | |
| Causal CI | The configuration item casuing an issue. |
| Checked in | |
| Checked out | |
| CI | Configuration item, for example a server or cloud instance. |
| Close notes | |
| Contact Type | |
| Comments | |
| Company | |
| Configuration Item | |
| Correlation ID | The ID for the…?? |
| Created Timestamp | |
| Department | |
| Description | |
| Display Name | |
| DNS Domain | |
| Details | |
| Earliest Event Timestamp | |
| Environment | |
| Escalation | The state of the workflow for an alert. |
| First Timestamp | |
| Fully qualified domain name | |
| Highest Severity | The highest severity level for an alert within a cluster…?? |
| Impact | |
| Impacted CIs | |
| Install Status | |
| Insight Key | |
| Insight Key List | |
| IP address | The IP address for the…?? |
| Justification | |
| Last Timestamp | |
| Latest Event Timestamp | |
| Lease Contract | |
| Location | |
| Lowest Severity | The lowest severity level for an alert in a cluster…?? |
| MAC address | The MAC address for the…?? |
| Maintenance schedule | |
| Managed by | |
| Manufacturer | |
| ML Description | |
| ML Severity | |
| ML Source | |
| ML State | |
| ML Processor Timestamp | |
| ML UI Result | |
| Model category of component | |
| Model ID | |
| Model ID List | |
| Model number | |
| Monitor | |
| Most recent discovery | |
| Name | |
| Number | |
| Number of Rules Triggered | Number of rules triggered when…?? |
| Object | |
| Operational status | |
| Operating system | Operating system associated with…?? |
| Organisation ID | |
| Original Key | |
| Owned by | |
| Parent | |
| Permanent URL | The link to the insight in…?? |
| Pipeline Timestamp | |
| Priority | |
| Region | The geographical region to be associated with a correlation model step…?? |
| Requires verification | |
| Resolution Code | |
| RTO | |
| Rule Key | |
| Rule Name | The name of the rule applied to…?? |
| Rule Value | |
| Rules Ids Triggered List | List of rules applied to…?? |
| Receiver ID | |
| Receiver Timestamp | |
| Serial number | |
| ServiceNow Incident ID | ID of an associated ticket in ServiceNow. |
| ServiceNow Incident Priority | Priority of an associated ticket in ServiceNow. |
| ServiceNow Incident URL | Link to an associated ticket in ServiceNow. |
| ServiceNow Incident Runbook URL | Link to an associated automation runbook in ServiceNow. |
| Severity | Severity level for an item. |
| Short description | |
| Source | The originating source for…?? |
| Source Record | |
| State | The state for an insight in the processing flow…?? See About Insights. |
| Status | |
| Sub Category | |
| Support Group | |
| Supported by | |
| Sys ID | |
| System Class Name | |
| Tags | Tags derived from the correlation model, summarizing associated item descriptions and relevant keywords. See Exploring Data. |
| Time | |
| Timestamp | |
| Updated Timestamp | |
| Urgency | |
| URL | |
| Vendor | |
| Version | |
| Warranty expiration | Enriching information added to ticket from ServiceNow…?? |
| Work Notes | Notes added to ticket in ServiceNow…?? |