Defining the Query Conditions

About this task

Query conditions have the format: <And/Or> <Field> <Operator> <Value/Parameter/Group> <Value>

where:
  • And/Or: determines the relationship between the conditions or condition groups. The default is Add.
  • Field: one of the fields in the query's domain
  • Operator: the operator types depend on the selected field. For example, attributes that cannot be associated with groups do not have any of the group options (IN GROUP, LIKE GROUP).
    Operator Description
    < Less than
    < = Less than or equal to
    < > Not equal to
    = Equal to
    > Greater than
    > = Greater than or equal to
    CATEGORIZED AS Member of a group belonging to the category selected from the drop-down list, which appears when a group operator is selected.
    CLASSIFIED AS Member of a group belonging to the classification selected from the drop-down list, which appears when a group operator is selected.
    IN ALIASES GROUP The operator works on a group of the same type as IN GROUP, however assumes the members of that group are aliases. Note that the IN GROUP/IN ALIASES GROUP operators expect the group to contain actual values or aliases respectively. An alias provides a synonym that substitutes for a stored value of a specific attribute type. It is commonly used to display a meaningful or user-friendly name for a data value. For example, Financial Server might be defined as an alias for IP address 192.168.2.18.
    IN DYNAMIC ALIASES GROUP The operator works on a group of the same type as IN DYNAMIC GROUP, however assumes the members of that group are aliases.
    IN DYNAMIC GROUP Member of a group that is selected from the drop-down list in the runtime parameter column, which appears when a group operator is selected.
    IN GROUP Member of the group that is selected from the drop-down list in the runtime parameter column, which appears when a group operator is selected. IN GROUP or IN ALIASES GROUP cannot both be used at the same time.
    IN PERIOD For a time stamp only, is within the selected time period
    IS NOT NULL Attribute value exists, but might be blank or unprintable
    IS NULL Empty attribute
    LIKE  
    LIKE GROUP Matches a like value that is specified in the boxes. A like value uses the percent sign as a wildcard character, and matches all or part of the value. Alphabetic characters are not case-sensitive. For example, %tea% would match tea, TeA, tEam, steam. If no percent signs are included, the comparison operation is an equality operation (=).
    NOT IN ALIASES GROUP The operator works on a group of the same type as NOT IN GROUP, however assumes the members of that group are aliases.
    NOT IN DYNAMIC ALIASES GROUP The operator works on a group of the same type as NOT IN DYNAMIC GROUP, however assumes the members of that group are aliases.
    NOT IN DYNAMIC GROUP Not equal to any member of a group, which is selected from the drop-down list in the runtime parameter column, which appears when a group operator is selected.
    NOT IN GROUP Not equal to any member of the specified group, which is selected from the drop-down list in the runtime parameter column, which appears when a group operator is selected.
    NOT IN PERIOD For a time stamp only, not within the selected time period
    NOT LIKE Not like the specified value (see the description of LIKE)
    NOT LIKE GROUP Not like the value that is specified in LIKE GROUP
    NOT REGEXP Not matched by the specified regular expression
    REGEXP Matched by the specified regular expression For detailed information about how to use regular expressions, see Regular Expressions.
  • Value/Parameter/Group: depends on the operator.
    • Value: A constant with which the field is compared.
    • Parameter: The name of a parameter that gets its value in run time. The parameter name cannot be any of: QUERY_FROM_DATE,QUERY_TO_DATE, REMOTE_SOURCE, SHOW_ALIASES, FETCHSIZE, REFRESHRATE, current_title, action, user, group, role, js_peid, eventsubmit_doupdate, page, _skin, template, media-type. The parameter name must start with a letter and can only contain letters, digits, and underscore.
    • Group: A drop-down list of the groups that match the type of the field. The groups with the same type as the field appear first, in alphabetic order. Then groups with all types appear, grouped by their type. The group types are ordered alphabetically and so are the groups under each type. Note that in some cases there may be several group types that match the field type. For example, there are several group types that match Client IP: Client IP/DB User, Client IP/Src App./DB User, Client IP/Src App./DB User/ServerIP/Svc. Name
  • Value: depends on the Operator and the Value/Parameter/Group
Query conditions can include both individual conditions and groups of conditions. When adding a condition or a condition to a group, the default conjunction is Add. You can change this to Or. Each condition group is processed as though it is in parenthesis. The following figure presents a query with two conditions and two condition groups specifying: condition 1 and condition 2 and (condition 3 or condition 4 or (condition 5 and condition 6)) and (condition 7 and condition 8).
picture of query conditions

Escaping backslash (\) characters: To correctly escape a backslash character for use in a query condition, use four backslash characters. For example, to specify domain\user you would enter domain\\\\user.

Procedure

  1. In the Conditions row, click Edit.
    The Conditions area expands.
  2. To add a condition, click Add Condition and select values in the drop-downs for the first query condition.
  3. To add a condition group, click Add Condition Group and select values in the drop-downs for the conditions in the group.
  4. Repeat as relevant.
  5. Click Save.