Filter syntax

Applies to NAM 2018

The described syntax rules apply to the Dimension filters and Output filters in the alert definition wizard.

Numeric fields

Besides an actual number such as 13, a numeric field can contain expressions such as the following examples:

  • <400 means all values less than 400.
  • >400 means all values greater than 400.
  • <=400 means all values less than or equal to 400.
  • >=400 means all values greater than or equal to 400.
  • 127-255 means all values between 127 and 255 including 127 and 255.
  • ~400 means all values that are not 400.
  • 400|500 means a value of 400 or 500.
  • , separates enumerated values.
  • k, M, G, and T as suffixes stand for kilo, mega, giga, and tera.
  • An empty pattern means all values are accepted.

Text fields

The following examples show how to write a filter for a text field:

  • RG (with no quotes) matches all strings containing RG, such as RG_1, BUSS_RG, and BG_RG_3.
  • "RG_2" (with quotes) matches that string exactly, not strings that contain that string.
  • ? matches any character, such that A?B matches ABC and ACC.
  • * matches any substring, such that *RG matches all strings ending with RG, and RG* matches all strings starting with RG.
  • ~ means negation (not), such that ˜WWW matches all strings that do not contain substring WWW.
  • | (pipe) matches on one of the specified strings, such that WWW|HTTP matches on a string that contains WWW or HTTP.
  • & (and) matches on all of the specified strings, such that WWW&HTTP matches on a string that contains WWW and HTTP.
  • , separates enumerated values.
  • An empty string means all values will be accepted. This is equivalent of a single asterisk ()*).
  • ~SMTP_PROD & ~DNS & ~FTP & ~HTTP means not any of those strings (not "SMTP_PROD" and not "DNS" and not "FTP" and not "HTTP").

IP address fields

  • #.#.#.# indicates an IP address, where # is any integer from 0 and 255. You can also use an asterisk * instead of a number.

Address types IPv4 and IPv6 are both supported.