Event Group Filters
Event groups are used to organise TEC events into views. The selection criteria that determine which events belong to a particular event group are defined with event group filters. The event group filter defines the events that are considered part of an event group.
The documentation indicates that an asterisk (*) can be specified as a wildcard to specify multiple values for an attribute however there are other filters that can be used and it is these that I have tried to explain.
Note:TEC Consoles that are already running will use the new filters the next time the consoles are initialised.
Origin
Identifies the host to be monitored. The origin is stored as the host's IP address (for example, 192.100.1.1).
Filter | Effect | Example | |
* | Any IP Address | 1.2.3.4 | shown |
4.1.2.3 | shown | ||
5.6.7.8 | shown | ||
1.2.3 or 1.2.3.* | Any IP Address containing 1.2.3 | 1.2.3.4 | shown |
4.1.2.3 | shown | ||
5.6.7.8 | not shown | ||
1.2.3\b or 1.2.3.*\b | Any IP Address ending in 1.2.3 | 1.2.3.4 | not shown |
4.1.2.3 | shown | ||
5.6.7.8 | not shown | ||
1.2.3$ or 1.2.3.*$ | Any IP Address ending in 1.2.3 | 1.2.3.4 | not shown |
4.1.2.3 | shown | ||
5.6.7.8 | not shown | ||
\b1.2.3 or \b1.2.3.* | Any IP Address starting with 1.2.3 | 1.2.3.4 | shown |
4.1.2.3 | not shown | ||
5.6.7.8 | not shown | ||
^1.2.3 or ^1.2.3.* | Any IP Address starting with 1.2.3 | 1.2.3.4 | shown |
4.1.2.3 | not shown | ||
5.6.7.8 | not shown | ||
\b1.2.3.4\b | Only the IP Address 1.2.3.4 | 1.2.3.4 | shown |
4.1.2.3 | not shown | ||
5.6.7.8 | not shown | ||
^1.2.3.4$ | Only the IP Address 1.2.3.4 | 1.2.3.4 | shown |
4.1.2.3 | not shown | ||
5.6.7.8 | not shown | ||
Event Class, Sub-Source, Source and Sub-Origin
The event class, sub-source, source and sub-origin are usually string based. The following table shows some possible string filters.
Filter | Effect | Example | |
* | any value | test | shown |
sett | shown | ||
t | shown | ||
1test | shown | ||
test2 | shown | ||
*test | any value | test | shown |
sett | shown | ||
t | shown | ||
1test | shown | ||
test2 | shown | ||
test | any value containing the string test | test | shown |
sett | not shown | ||
t | not shown | ||
1test | shown | ||
test2 | shown | ||
test\b | any value ending in the string test | test | shown |
sett | not shown | ||
t | not shown | ||
1test | shown | ||
test2 | not shown | ||
test$ | any value ending in the string test | test | shown |
sett | not shown | ||
t | not shown | ||
1test | shown | ||
test2 | not shown | ||
\btest | any value starting with the string test | test | shown |
sett | not shown | ||
t | not shown | ||
1test | not shown | ||
test2 | shown | ||
^test | any value starting with the string test | test | shown |
sett | not shown | ||
t | not shown | ||
1test | not shown | ||
test2 | shown | ||
\btest\b
| only the string test would be shown | test | shown |
sett | not shown | ||
t | not shown | ||
1test | not shown | ||
test2 | not shown | ||
^test$ | only the string test would be shown | test | shown |
sett | not shown | ||
t | not shown | ||
1test | not shown | ||
test2 | not shown | ||
[^test] | any string that does not include any of t, e, s or t | test | not shown |
sett | not shown | ||
1test | shown | ||
test2 | shown | ||
t | not shown | ||
[^t,e,s,t] | any string that does not include t, e, s or t | test | not shown |
sett | not shown | ||
t | shown | ||
1test | shown | ||
test2 | not shown | ||
^[^t] | filters out any word beginning with t | test | shown |
sett | not shown | ||
t | shown | ||
1test | not shown | ||
test2 | shown | ||
[^t^e^s^t] | any string that does not include all letters t, e, s, or t | test | not shown |
sett | not shown | ||
t | not shown | ||
1test | shown | ||
test2 | shown | ||
Page last updated by Simon Barnes