Use this dialog to create an event filter or change an existing event filter. Not every action plan builder will contain all of the following options.
You can select multiple levels of severity as filtering criteria. Logical OR applies for multiple selections.
For example: if you select Fatal and Critical, the filtering criteria matches if the originator of the event classifies the event as Fatal or as Critical.
Severity levels in the order of most severe to least severe are:
Use the pull-down menus to select values in each category, then click the Add button when you finish the selections. Your settings are added to the selections pane.
You can create as many day/time range entries as you like. Each time you create a day/time range entry, click Add to add the entry to the list in the selections pane.
To remove an entry from the selections pane, click on the entry, then click the Delete button.
The time zone that applies to the day/time filtering entries is the time zone in which the %ProductServerName% is located. If your console is not in the same time zone as the server, the difference in time zones is shown above the selections pane.
For example: if the %ProductServerName% is located in New York and your console is located in California, the time zones displayed and used are Eastern Standard Time (EST), and the following is displayed above the selections pane: Server Time - Local Time = 3 Hours
This category can be particularly useful for narrowing the filtering criteria to a lower level of detail, for example, to isolate one or more values originating from a specific system.
You can also view the extended attributes of a specific event by opening the Event Log task in the Tasks pane of the %ProductName% Console and select an appropriate event from the list. The event's extended attributes, if present, are displayed at the bottom of the Event Details panel, below the Sender Name category.
Because event types are hierarchical, an event with a particular event type has its associated extended attributes as well as the extended attributes of its parent event types. For example, the event type Director.Topology.Offline has extended attributes for Director.Topology.Offline and Director.Topology.
You can specify keywords and values in Extended Attributes only if one event type is selected. If the current event type is set to Any, Extended Attributes is disabled. Extended Attributes is also disabled if multiple event types are selected. If the Extended Attributes panel is enabled for a specific event type but no keywords are listed, the %ProductServerName% is not aware of any keywords that can be used for filtering.
An event will meet the filtering criteria as follows:
If you want to enter multiple values for a single keyword, use the Add key each time you want to add a value.
Boolean OR is used to determine if an event's extended attributes meet the filtering criteria for multiple values of a single keyword.
If you enter more than one keyword/value pair, Boolean AND is used to determine if an event's extended attributes meet the filtering criteria (all keyword values must be true).
If Interval is set to a value greater than 0 and Count is set to a value greater than 0, after the first occurrence of an event meets the filtering criteria, the value entered in Count (n) specifies the number of times an event must meet the criteria within the interval before associated actions can be triggered again. If an event meets the criteria for the nth time within the interval, the next time (n+1) an event meets the criteria, associated actions are triggered, the count is reset, and the interval is reset.
For Threshold Event Filters, the Interval field must be used in conjunction with the Count field. Interval specifies a window of time that begins when an event meets the filtering criteria. The first occurrence of an event that meets the criteria does not trigger associated actions, but starts a countdown of the units that define the interval. For example, if you enter 10 and select minutes, a 10-minute timer starts when an event meets the filtering criteria. The value entered in Count specifies the number of times (n-1) an event has to meet the criteria before associated actions are triggered. The first n-1 events that occur within the interval do not cause associated actions to trigger. The nth time an event meets the criteria within the interval, associated actions are triggered, the count is reset, and the interval is reset.
For Duplication Event Filters, Count must be an integer from 0 to 100 and specifies the number of duplicate events to ignore after the first occurrence of an event meets the filtering criteria. For example, if you enter 5 in Count, an event must meet the criteria 6 times after the first event meets the criteria to trigger associated actions again.
If you specify an interval and Count is set to the value 0, the first time the criteria are met the associated actions trigger, the interval countdown begins, and no actions are triggered during the interval.
For Threshold Event Filters, Count must be an integer from 1 to 100. Count specifies the number (n-1) of events that must meet the filtering criteria before associated actions are triggered. The first n-1 events are ignored. For example, if you enter the value 5 in Count, the first 4 duplicate events are ignored and the fifth event triggers associated actions.
Use this to identify sources of events within the network that you want to exclude from the event filtering criteria specified using the Event Type. That is, you can filter on a specified group of events but exclude certain events that meet the criteria selected on this page. The exclusion filter can be useful also in identifying the criteria that do not apply rather than identifying all the criteria that do apply.
System Variables are user-defined keyword/value pairs that are
known only to the local %ProductServerName%. You can further qualify the
filtering criteria by specifying a system variable.
Note: These user-defined system variables are not associated
with NT system variables in any way.
Refer to Understanding System Variables for more information on how to use system variables.