Filter rules
Filter rules limit the number of incoming events by discarding those that need no further processing or analysis. Each Filter rule compares an incoming event to the event condition formulas (ECFs) it contains to determine whether the event is discarded or proceeds to further processing. An incoming event is processed through each Filter rule in turn until a Filter rule discards it or all Filter rules are exhausted. An event is accepted only if no Filter rule discards it; a match on an earlier rule does not exempt the event from later rules, so the order of Filter rules matters.
Filter rules use the following modes to determine whether an incoming event is accepted or discarded:
- PASS—An event that meets the defined condition is passed to the next rule.
- NOPASS—An event that meets the defined condition is dropped from the rule engine.
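The following is an added example, not code from the product this page documents: a toy filter-rule chain in Python that implements the evaluation order described above. ECFs are modelled as predicates over an event dictionary, rule names, field names and the four sample events are constructed for illustration, and one assumption is made that the page does not state explicitly: a rule whose condition does not match has no effect and evaluation simply continues with the next rule. The example shows that a PASS match only hands the event to the next rule, so a later NOPASS rule can still discard it, and it counts which rule discarded each event, which is what you want when tuning filter volume.

```python
"""Toy Filter rule chain (added example, not the product's engine).

Semantics implemented, following the page:
  * rules are evaluated in list order;
  * a NOPASS rule whose ECF matches discards the event immediately;
  * a PASS rule whose ECF matches passes the event to the next rule;
  * assumption: a rule whose ECF does not match is skipped and evaluation continues.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Event = Dict[str, object]
ECF = Callable[[Event], bool]  # event condition formula as a predicate


@dataclass
class FilterRule:
    name: str
    condition: ECF
    mode: str  # "PASS" or "NOPASS"

    def __post_init__(self) -> None:
        if self.mode not in ("PASS", "NOPASS"):
            raise ValueError(f"unknown mode {self.mode!r} in rule {self.name!r}")


# --- small ECF building blocks (hypothetical helpers, not product syntax) ---
def field_equals(name: str, value: object) -> ECF:
    return lambda ev: ev.get(name) == value


def field_lt(name: str, value: float) -> ECF:
    # A missing or non-numeric field never satisfies a numeric comparison.
    return lambda ev: isinstance(ev.get(name), (int, float)) and ev[name] < value


def src_in_prefix(prefix: str) -> ECF:
    return lambda ev: str(ev.get("src", "")).startswith(prefix)


def all_of(*conds: ECF) -> ECF:
    return lambda ev: all(c(ev) for c in conds)


def apply_filter_rules(event: Event, rules: List[FilterRule]) -> Tuple[bool, Optional[str]]:
    """Return (accepted, name_of_discarding_rule).

    Walks the rules in order; the first NOPASS rule whose ECF matches discards
    the event. A PASS match (or no match) hands the event to the next rule, so
    the event is accepted only when the list is exhausted without a discard.
    """
    for rule in rules:
        if rule.condition(event) and rule.mode == "NOPASS":
            return False, rule.name
    return True, None


def run_chain(events: List[Event], rules: List[FilterRule]) -> Tuple[List[int], Dict[str, int]]:
    """Apply the chain to a batch; return accepted ids and a per-rule discard count."""
    accepted: List[int] = []
    discarded_by: Dict[str, int] = {}
    for ev in events:
        ok, rule_name = apply_filter_rules(ev, rules)
        if ok:
            accepted.append(int(ev["id"]))
        else:
            discarded_by[rule_name] = discarded_by.get(rule_name, 0) + 1
    return accepted, discarded_by


# Constructed sample events (not real log data). Event 4 has no "severity" field.
SAMPLE_EVENTS: List[Event] = [
    {"id": 1, "event_type": "heartbeat", "src": "10.0.0.5", "severity": 1},
    {"id": 2, "event_type": "auth_failure", "src": "10.0.0.5", "severity": 1},
    {"id": 3, "event_type": "auth_failure", "src": "203.0.113.7", "severity": 5},
    {"id": 4, "event_type": "config_change", "src": "10.0.0.9"},
]

# Hypothetical rule set. Note that event 2 matches the PASS rule and is still
# discarded by the NOPASS rule that follows it.
RULES: List[FilterRule] = [
    FilterRule("drop-heartbeats", field_equals("event_type", "heartbeat"), "NOPASS"),
    FilterRule("keep-auth-failures", field_equals("event_type", "auth_failure"), "PASS"),
    FilterRule(
        "drop-low-severity-internal",
        all_of(src_in_prefix("10."), field_lt("severity", 3)),
        "NOPASS",
    ),
]

if __name__ == "__main__":
    accepted, discarded = run_chain(SAMPLE_EVENTS, RULES)
    print("accepted:", accepted)          # [3, 4]
    print("discarded by rule:", discarded)  # {'drop-heartbeats': 1, 'drop-low-severity-internal': 1}
```

Reordering the rules so that `drop-low-severity-internal` comes before `keep-auth-failures` gives the same result here, which is the point: because PASS only forwards the event to the next rule, the only way to keep low-severity internal auth failures is to narrow the NOPASS condition, not to add a PASS rule ahead of it.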