Using Advanced Filters

Administration Guide › Suppression and Summarization › Suppression and Summarization Rules Tasks › How to Create a Suppression Rule › Using Advanced Filters

Using Advanced Filters

You can use advanced filters to qualify any suppression or summarization-related queries of the event log store. The Advanced Filters interface helps you create the appropriate filter syntax by providing a form for entering logic columns, operators and values according to your suppression or summarization rule requirements.

Note: This section contains a brief overview of the terms used in advanced filters for suppression rules and summarization rules. To use advanced filters to their full potential you need a thorough understanding of the filter terms and the Common Event Grammar.

The following terms join multiple filter statements:

And: Displays the event information if all the joined terms are true.
Or: Displays the event information if any of the joined terms are true.

The following SQL operators are used by advanced filters to create the basic conditions for summarization or suppression:

Match

Includes any event information that matches one or more of the characters in the alphanumeric string that you enter, allowing you to search for key words. This search is case-sensitive.

Match (ignore case)

Includes any event information that matches one or more of the characters in the alphanumeric string that you enter, allowing you to search for key words. This search is not case-sensitive.

Not Match

Includes any event information that does not match one or more of the characters in the alphanumeric string that you enter. This search is case-sensitive.

Not Match (ignore case)

Includes any event information that does not match one or more of the characters in the alphanumeric string that you enter. This search is not case-sensitive.

Regular Expression Match

Includes any event information that matches one or more of the regular expression characters that you enter. This can be used to search in a multibyte environment, and to search using wildcards.

Not Regular Expression Match

Includes any event information that does not match one or more of the regular expression characters that you enter. This can be used to search in a multibyte environment, and to search using wildcards.

Relational Operators

Include the event information if the column bears the appropriate relation to the value you enter. The following relational operators are available:

Equal to (numeric)
Not Equal to (numeric)
Greater than (numeric)
Greater than or equal to (numeric)
Less than (numeric)
Less than or equal to (numeric)

For example, using Greater than would include the event information from your chosen column if its value is greater than the value you set.

All of these operators locate only numbers; to search for other characters, select one the "match" operators, as appropriate.

More information

Create an Advanced Event Filter

Name a Suppression Rule

Email CA Technologies about this topic