Filter examples
These examples show how you can use logical comparisons, negate conditions, and subquery elements in filters.
Example: Logical comparison
This example uses the logical AND element. To find all alerts that have been acknowledged, and which are greater than major severity, use two condition elements: Acknowledged = Yes and Severity > Major.
These elements translate to the SQL condition:
(Acknowledged = 1) and (Severity > 4)
Acknowledged is an integer value for which 0 equates to No and 1 equates to Yes. Severity names map to integer numbers 0-5. Integers are used rather than string values because the Filter Builder manages the translations between names and values.
When a logical element is selected, the element definition area displays two buttons: And and Or. Logical elements are created by default as AND elements. To use an OR element, select the element in the graphical display area and then select Or in the element definition area.
The following figure shows this example, as displayed in the UNIX Filter Builder.
Example: Negate on UNIX
You can enter a conditional element that finds all the alerts that have a severity of warning, as shown in the following figure.
To negate the condition, select the element; then, click the Negate button to obtain the following result.
Example: Negate on Windows
To negate a condition, select the element and then click the Negate button (!). For example, you can enter a conditional element that finds all the events that have a severity of warning, as shown in the following figure.
To negate the condition, click the Negate button (!) to obtain the following result.
Example: Subquery element
The following figure shows a subquery element that compares the Identifier fields of the alerts.status table and the alerts.details table.
Example: Using subquery elements with other elements
This example element compares the Identifier fields in the alerts.status table and the alerts.details table, where the records in the alerts.details table also contain a Name field with the value SpecialValueAlert. The elements that follow the subquery element also refer to the same table as the subquery.
The following figure shows how the subquery element is displayed in the UNIX Filter Builder.
The following figure shows how this subquery element is displayed in the Windows Filter Builder.
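Added example (not part of the original documentation): the three filter shapes above written as SQL conditions and run against constructed rows, using Python's sqlite3 as a stand-in for the ObjectServer. The AND condition is the one quoted on this page; the numeric value 2 for warning, the not (...) form of the negated condition, and the in operator for the subquery are assumptions.

```python
import sqlite3

# Filter conditions in SQL form. The first is quoted from the page; the other
# two are assumed renderings (Warning = 2, negation as NOT, subquery via IN).
FILTERS = {
    "and": "(Acknowledged = 1) and (Severity > 4)",
    "negate": "not (Severity = 2)",
    "subquery": "Identifier in (select Identifier from alerts.details "
                "where Name = 'SpecialValueAlert')",
}

# Constructed sample rows: (Identifier, Severity, Acknowledged)
STATUS_ROWS = [
    ("ev-1", 5, 1),
    ("ev-2", 5, 0),
    ("ev-3", 4, 1),
    ("ev-4", 2, 0),
]
# Constructed sample rows: (Identifier, Name)
DETAILS_ROWS = [
    ("ev-2", "SpecialValueAlert"),
    ("ev-3", "OtherDetail"),
    ("ev-4", "SpecialValueAlert"),
]


def build_db():
    """Create an in-memory database with alerts.status and alerts.details."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS alerts")
    conn.execute("CREATE TABLE alerts.status "
                 "(Identifier TEXT, Severity INTEGER, Acknowledged INTEGER)")
    conn.execute("CREATE TABLE alerts.details (Identifier TEXT, Name TEXT)")
    conn.executemany("INSERT INTO alerts.status VALUES (?, ?, ?)", STATUS_ROWS)
    conn.executemany("INSERT INTO alerts.details VALUES (?, ?)", DETAILS_ROWS)
    return conn


def run_filter(conn, name):
    """Return the Identifiers in alerts.status that match the named filter."""
    sql = ("SELECT Identifier FROM alerts.status "
           f"WHERE {FILTERS[name]} ORDER BY Identifier")
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = build_db()
    for name in FILTERS:
        print(name, run_filter(db, name))
```

Note that ev-3 (acknowledged, Severity 4) is excluded by the AND filter because the comparison is strictly greater than major, and that the subquery filter returns only rows whose Identifier has a matching alerts.details record with the required Name.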