Using the Expression Builder on the Analyzer to create a filter
The system uses filters as a technology for many of its most important features, including Watchpoints and traffic regulation. Filters are reusable rules for isolating subsets of web traffic monitored by Watchpoints. You use them to evaluate individual objects and pages in real time as they are detected.
The other examples of using filter expressions include:
- Configuring extraction rules for custom fields
- Creating custom error detection rules
- Creating object, page and session detection rules
The following topics provide information and instructions for working with filters:
- Creating a filter with the Expression Builder
- Deleting a filter with the Expression Builder
- Filter identifiers in the Expression Builder
- Filter operators in the Expression Builder
- How filters process special values
- Getting current traffic values from a filter reference list
You can add filters to a Watchpoint in the following ways:
- By creating a filter that is dedicated to a specific Watchpoint
- By adding an existing filter from the Filter library to the Watchpoint
To filter a specific segment of traffic for a Watchpoint, you can use advanced queries with AND and OR conditions.
The result of any filter evaluation is a Boolean value (true or false) indicating whether an object or page satisfies the criteria that you specified for the filter.
As conditional statements, filters enable you to control the behavior of various features, basing the behavior on elements of the data itself (for example, storing objects if they have a certain host name).
Filters are based on BMC Real End User Experience Monitoring Software Edition grammar syntax, which supports the following concepts:
- Simple Boolean expressions (predicates) that are formed from operators and operands
- Direct access to data model values by using identifiers
- Expression chaining and grouping
- Character escaping for special literals
- Predicate negation using the NOT conjunction
- Case sensitivity
The system supports the following data types and collections:
- IP addresses, including:
- Subnet masks
- Classless Inter-Domain Routing (CIDR) notation
- Long integers
- Indexed arrays
- Maps (key/value pairs)
- Arrays of maps (specific identifiers only)
You can use the following types of comparison:
- Ordered comparison
- Inclusion within a range
- Existence of null
- Regular expression matching
Modifications that you make to the predefined filters are applied only to the current Watchpoint. They are not propagated into the Filter library. For the changes to be saved in the Filter library, you must edit the filter directly in the Filter library.
To view the available values for each field (for example, the list of exact countries, where your application was accessed from), use the Getting current traffic values from a filter reference list tab.