Filter Builder overview
The Filter Builder is an HTML utility that you use to construct filters that are dynamically applied to event data.
You can use the following modes to create filters; the Filter Builder displays a tab for each mode.
- Basic
- Provides a set of lists and text fields that you use to specify the filter conditions. To build the conditions, select a field from the specified data source or data sources, select a comparator, and type a numeric or string value. The value is the filtering criteria for the field. If you use basic mode to construct your filter, you can view the resulting SQL in the text field on the Advanced tab.
- Advanced
- Provides a text field where you can enter ObjectServer SQL syntax.
- Dependent.
- This tab is displayed only for dependent filters. On this tab, use the Search fields to identify the filters that you want to use for the dependencies. After you have identified the required filters, use the buttons to move the filters from the Available filters list to the Selected dependencies list. In a dependent filter, the SQL WHERE statements of each filter are concatenated by using OR statements.
Filter Builder metrics
A metric is an aggregate statistic that can be derived from the events that match a filter to display a useful figure, for example, an average, count, or sum of all field values. When a filter is displayed using a monitor box linked to an AEL, the metric information obtained from the set of events that match the filter is used for this display.
User capabilities
The privileges that each user has determines the operations they can carry out on filters, as the following table shows.
User privilege | Capabilities |
---|---|
ncw_user | A user with the ncw_user privilege can do the
following:
|
ncw_admin | A user with the ncw_admin privilege can add, edit, and delete any filter, including the filters in any user's My Filters. list. |