LM Dexda has a common filter component that lets you define a query filter in a consistent way across functionality like charts, rules and action groups. When building queries and aggregations to limit results, you have a set of fields to choose from. Available fields vary depending on the input from the selected data source – events, alerts, or insights.
This article describes how to create a filter. For more information about the filter concept and available fields and operators, see About Filters.
Creating a Filter
The following example shows how to add a filter when creating an “Singleton Alerts” counts ticker type of chart to a dashboard. In this example, the input source is the ID of the alert, and the aggregation key is of type COUNT. The chart should display the current number of uncorrelated (singleton) alerts related to a payment service.
- Under Filter, select Add expression.
- Select the field to filter on, in this example “Escalation”. Start typing to get suggestions from the list of available fields.
- Select the desired operator, in this example “Not equals”. IN, CONTAINS and their counter parts are list operators and can take multiple values.
- Enter the desired value, in this example “closed”.
- Select Add.
- Select the fork icon to create an AND node, and select the filter icon. You can also create an OR node by selecting the “Or” toggle.
- Select the “Description” field.
- Select the CONTAINS operator.
- Enter a value, in this example “paymentservice”.
- Select Add.
Note: When configuring a new filter for a chart, a default condition that limits the event time window to 24 hours is always added. This condition is added to protect against excessive query times caused by unlimited queries.