Use this window to define SQL queries (or WHERE clauses)
for filtering alerts in the event list. You can use the Filter Builder
to set up and maintain these filters for your event data.
The Filter
Builder contains the following areas:
Filter
setup area
Use this
area to define a name and to set permissions for the filter.
Complete
this area as follows:
- Name
- If you are creating a new filter, overwrite the current name with
a unique name for the filter. This name is used to select the filter
in event list menus. If you are editing an existing filter, you do
not need to make an entry in this field.
- Editable
- If you have the relevant administrator permissions, select this
check box to allow other users to edit this filter, or clear the check
box to protect the filter from being modified.
Restriction: This setting applies only if the filter is saved
as part of an event list configuration (.elc file).
Graphical
display area
This
area displays the element definitions for the current filter in a
graphical tree structure that shows how the elements relate. You can
add elements to the tree by using the buttons in the button bar. The
element that is currently selected is highlighted, and editing is
relative to this element. When you select an element within this area,
its details are shown and can be edited in the element definition
area.
Element
definition area
This
area displays the details of the element that is currently selected,
and enables you to specify a different set of values. Your selections
are reflected in the graphical display area and the SQL display area.
If
you clicked the
Condition button to create
a condition element, complete the fields as follows:
- Type
- Select either of the following options from this list:
- Simple: Select this option to use simple expressions
in the condition element.
- Complex: Select this option to use complex expressions
that allow two database columns or two expressions to be compared.
- Column
- From this list, select a database column that you want to use
in the comparison.
- By default, the list contains the names of the columns in the
alerts.status database table. The Filter Builder automatically determines
which columns are available. There are situations where this list
will be different.
- Operator
- Select a comparison operator from this list.
- The range of comparisons available is determined by your selection
from the Column drop-down list. Some comparisons
are unavailable for certain columns. For example, it is not possible
to have a LIKE operation on a numeric column such as Severity.
- Value
- The fields that appear here are dependent on the options that
are selected in the Type, Column,
and Operator lists.
- If the Type is Simple,
then the value fields that appear will depend on whether the database
column selected in the Column list is of type
string, integer, or time.
- If the Type is Complex,
then an Edit button is provided to allow you
to edit the SQL directly within the Filter SQL Edit window.
When you click OK to save and return to the
Filter Builder, the SQL expression is automatically parsed and added
to the condition element in the graphical display area. If you enter
invalid SQL text in the Filter SQL Edit window,
you are required to correct the syntax before exiting the window.
If you clicked the
Sub Query button
to create a subquery element, complete the fields as follows:
- Column
- From this list, select the database column to be used in the search.
- Operator
- Select either of the following options from the list:
- In: Use this option to search for the contents
of the column.
- Not In: Use this option to search for the absence
of the contents of the field.
- Select
- Select the column to be used when building the list, against which
the In or Not In operation is to be performed. The options in this
list are determined by the option that is selected in the From list.
- From
- Select the database table from which to derive the information.
This can be alerts.details, alerts.journal, or alerts.status.
SQL display
area
The SQL
display shows the SQL as you build the filter. You can click Edit
SQL in the button bar to edit the SQL directly within
the Filter SQL Edit window.
Type the filter query
by using valid SQL syntax, and click OK to save your
entry and return to the Filter Builder. The Filter Builder attempts to parse
the SQL text and build a filter tree. If the SQL is invalid, an error message
is displayed, and you must correct the errors in the Filter SQL
Edit window before you can continue.
Metric area
Use the metric
buttons to apply a measurement to the filter so that it calculates
a useful figure. For example, a Sum of Tally metric gives
the total number of deduplicated alerts in the ObjectServer.
Complete
this area as follows:
- Metric
- Use the first list to choose the measurement to be used:
- Select Average to return the average value
of the selected field for all alerts that match the filter.
- Select Count to return a count of all the
alerts that match the filter. The selected field is not used for this
calculation.
- Select Sum to return the sum of the selected
field for all alerts that match the filter.
- Select Minimum to return the lowest value
of the selected field in alerts that match the filter.
- Select Maximum to return the highest value
of the selected field in alerts that match the filter.
- Use the second list to select a field to which the measurement
is applied. Only the integer and time fields in an alert are available
for the metric calculation.
Tip: The metric value will
be displayed in monitor boxes in the Event List monitor
box window.
Applying
and saving your filter settings
After defining or modifying
the filter settings, you can apply, save, or cancel changes made by
clicking the relevant button as follows:
- Apply
- Click this button to apply changes to the filter without saving
it.
- Close
- Click this button to close the window and discard the changes.
You must save filters with a .elf file
extension. Click or .