nxshell - Create an OR column filter?

Started by zshnet, July 08, 2016, 05:30:34 PM


zshnet

Hi all,

I am looking into more event log filtering, and I'm unsure from the documentation how exactly to create an OR filter. I would like to filter events with severity 0 OR severity 4, rather than filtering them separately. Anyone have any suggestions where to look?

Thanks,
Zach

Tatjana Dubrovica

If you mean level tag:
https://www.netxms.org/documentation/adminguide/log-monitoring.html#level-tag
or severity tag:
https://www.netxms.org/documentation/adminguide/log-monitoring.html#severity-tag
all information is available there. To filter by multiple severity levels you should specify the sum of the appropriate codes.

If you mean regexp filtering, you can write it like this: "level[04](.*)"
This means that the line should contain "level0" or "level4", and anything after that will be used as an Event parameter.

zshnet

No, no. I mean NetXMS's Event Log. I'm using nxshell to query the log for certain events, like so:

# Severity filter: match events whose event_severity equals 0 (Normal).
# Named normalFilter so that it matches the setColumnFilter() call below.
normalFilter = ColumnFilter(java.lang.Integer(ColumnFilter.EQUALS),0)
#Time filter is over 24 hours, or 86,400 seconds
timeFilter = ColumnFilter(long(time.time()-86400),long(time.time()))
#Start a log filter, and add our filters to the two columns
logFilter = LogFilter()
#Columns in the Event Log are: event_id, event_timestamp, event_source, dci_id, event_code, event_severity, event_message, user_tag, root_event_id
logFilter.setColumnFilter("event_severity",normalFilter)
logFilter.setColumnFilter("event_timestamp",timeFilter)
eventLog.query(logFilter)
critTable = eventLog.retrieveData(0,1)


Rather than just filtering for Critical or Normal events, I'd like to build a ColumnFilter that filters for both, so that I don't have to do two separate queries. Any ideas?

Thanks,
Zach

Tatjana Dubrovica

Use these two functions of the ColumnFilter class:

/**
 * Create filter of type SET
 */
public ColumnFilter()
{
   type = SET;
   set = new HashSet<ColumnFilter>();
   operation = AND;
}

/**
 * Add new element to SET type filter
 *
 * @param filter
 */
public void addSubFilter(ColumnFilter filter)
{
   if (type == SET)
      set.add(filter);
}


It will look something like this:

filter = ColumnFilter()
filter.setOperation(ColumnFilter.OR)
filter.addSubFilter(normalFilter)   # ColumnFilter that filters events from event_severity column that have normal state
filter.addSubFilter(warningFilter)  # ColumnFilter that filters events from event_severity column that have warning state

zshnet

You nailed it again! Thanks for the help.

Thanks,
Zach

paul

In my quest to read every post and learn all things wonderful, I found this little gem.

Am I correct in my understanding that what was being done here provided multi column filtering - which in this case is events, but equally applies to Alarms?

Does anybody have this or variations of this working?

I want to be able to select a container, show the alarm view, filtered by both the container and by status = Outstanding, and if possible, still have the filter visible. This seems to give me two out of three and putting it into an Object tool where it asks for the third filter, possible to have a three way filter that dynamically updates.


Victor Kirhenshtein

This question was not related to UI - it was about using nxshell (Python-based external scripting tool). You can get filtered information from event or alarm log in nxshell, but it won't be shown as UI view. You can do the same within event log or alarm log view by adding appropriate filters.

Best regards,
Victor

paul

I was simply looking for a way to be able to display alarms where status = outstanding without having to type outstanding every time.

Alarm Log allows multiple filters - but is the log, so cannot acknowledge or terminate.

Dashboard gives me access to the xml, but do not know what xml I need to add to have State = Outstanding.

Having the State field as an additional display selection option on the Dashboard Alarms would be great - actually - it would be near perfect :)

Perfect would be to include a search field - that would be perfect and would be the penultimate Alarm browser.

The ultimate? - have these in Alarm browser as well :)