AlertSync Filter Operators
AlertSync has a number of filter operators available to help you filter down your alerts when matching against your Creation Rules.
The following table gives you a rundown of the available operators and gives a basic example of how they could be used in a Creation Rule.
Label | Example | Example Output |
---|---|---|
starts with | [Alert Name][starts with][SQL] | All alerts in which the characters “SQL” appear at the beginning of the value for the Alert Name field |
ends with | [Alert Name][ends with][failure] | All alerts in which the string “failure” appears at the end of the value for the Alert Name field |
contains | [Management Pack Name][contains][SystemCenter] | All alerts in which the string “SystemCenter” appears anywhere in the Management Pack Name field |
does not contain | [Workflow Name][does not contain][Heartbeat] | All alerts in which the string “Heartbeat” does not appear anywhere in the Workflow Name field |
is | [Severity][is][Error] | All alerts in which the Severity field is exactly “Error” |
is not | [Resolution State][is not][Closed] | All alerts in which the Resolution State is anything but “Closed” |
is empty | [Owner][is empty] | All alerts in which there is no value in the Owner field |
is not empty | [Alert ID][is not empty] | All alerts in which there is a value in the Alert ID field |
matches pattern | [NetBIOS Name][matches pattern][Infra-*-SQL??] | All alerts in which the NetBIOS Name field matches the pattern “Infra-*-SQL??”. * matches zero or more of any character. ? matches one of any character. |
matches regex | [Principal Name][matches regex][.*.(domain|DOMAIN).tld] | All alerts in which the Principal Name field matches the regex “.*.(domain|DOMAIN).tld” |
is anything | [Description][is anything] | All alerts in which the Description field is one of the following: |
is one of | [Category][is one of][Alert,StateCollection,PerformanceCollection] | All alerts in which the value of the Category field is one of the following: Alert, StateCollection, PerformanceCollection |
is empty string | [Site Name][is empty string] | All alerts in which the value of the Site Name field is an empty string |
less than or is | [Resolution State Id][less than or is][250] | All alerts in which the “Resolution State ID” field is less than or equal to 250 |
greater than or is | [Repeat Count][greater than or is][1] | All alerts in which the “Repeat Count” field is greater than or equal to 1 |
between | [Resolution State Id][between][0]and[254] | All alerts in which the “Resolution State Id” field is between 0 and 254 |
is same | [Site Name][is same]as[Custom Field 10] | All alerts in which the “Site Name” field is the same as the “Custom Field 10” field |
is different | [Site Name][is different]to[Custom Field 10] | All alerts in which the “Site Name” field is different to the “Custom Field 10” field |
on | [Time Raised][on][Today] | All alerts in which the “Time Raised” field matches the date for today |
not on | [Time Resolved][not on][Yesterday] | All alerts in which the “Time Resolved” field does not match the date for yesterday |
before | [Time Raised][before][Last week] | All alerts in which the “Time Raised” field date is before the date 7 days ago |
at or before | [Time Resolved][at or before][This quarter] | All alerts in which the “Time Resolved” field date is before the date of the start of this quarter |
after | [Time Raised][after][Last 45 minutes] | All alerts in which the “Time Raised” field is after 45 minutes ago |
at or after | [Time Resolved][at or after][Last 15 minutes] | All alerts in which the “Time Resolved” field is at or after 15 minutes ago |
trend | [Time Raised][trend][on][Monday] | All alerts in which the “Time Raised” field matches a Monday |
relative | [Time Raised][relative][after][22][hours][ago] | All alerts in which the “Time Raised” field is no more than 22 hours ago |
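
The Python sketch below is an added example, not AlertSync code: it implements the `*` / `?` semantics described for "matches pattern" and runs the table's "matches regex" example against constructed host names, so a rule can be checked for over-matching before it is used. It assumes whole-value, case-sensitive matching, which this page does not state, and `STRICT_REGEX` is a stricter variant added here for comparison.

```python
import re

PAGE_PATTERN = "Infra-*-SQL??"                # wildcard example from the table
PAGE_REGEX = r".*.(domain|DOMAIN).tld"        # regex example from the table
STRICT_REGEX = r".*\.(domain|DOMAIN)\.tld"    # added variant: dots escaped


def wildcard_to_regex(pattern):
    """Translate a '*' / '?' wildcard pattern into a compiled regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")            # zero or more of any character
        elif ch == "?":
            parts.append(".")             # exactly one of any character
        else:
            parts.append(re.escape(ch))   # every other character is literal
    return re.compile("".join(parts), re.DOTALL)


def matches_pattern(value, pattern):
    # Assumption: the pattern must cover the whole field value.
    return wildcard_to_regex(pattern).fullmatch(value) is not None


def matches_regex(value, regex):
    # Assumption: the regex must cover the whole field value.
    return re.fullmatch(regex, value) is not None


def evaluate(values, check, rule):
    """Return {value: matched} so a rule can be reviewed against samples."""
    return {v: check(v, rule) for v in values}


# Constructed sample values, not taken from any real environment.
NETBIOS = ["Infra-EU-SQL01", "Infra--SQL01", "Infra-EU-SQL1", "Infra-EU-SQL001"]
PRINCIPALS = ["sql01.domain.tld", "sql01.DOMAIN.tld",
              "sql01.Domain.tld", "sql01xdomainxtld"]

if __name__ == "__main__":
    for name, hit in evaluate(NETBIOS, matches_pattern, PAGE_PATTERN).items():
        print(f"pattern  {name:18} {hit}")
    for regex in (PAGE_REGEX, STRICT_REGEX):
        for name, hit in evaluate(PRINCIPALS, matches_regex, regex).items():
            print(f"{regex:28} {name:18} {hit}")
```

With the dots unescaped, the constructed value `sql01xdomainxtld` satisfies the table's regex because `.` matches any character; the escaped variant rejects it, and neither form matches the mixed-case `sql01.Domain.tld`.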