FILTER and MATCH parameters


Use FILTER or MATCH in SMF and EVENT statements to filter out (skip) or filter in (select) fields that you want to generate in the corresponding record. FILTER indicates the fields that you don't want to include. MATCH indicates the fields that you do want to include.

You can use one or more FILTER or MATCH parameters in any SMF or EVENT statement. For example:

SMF 30 FILTER(operands) FILTER(operands) FIELDS(...

FILTER and MATCH syntax

[Syntax diagram for the FILTER and MATCH parameters]

For information about logicalTest, see Types of filters.

FILTER and MATCH are mutually exclusive; you cannot use both parameters in any single SMF or EVENT statement.

Important

Any field that implements filtering (as indicated by a filter type under Name/(Filter) in Supported SMF field names) can be specified with FILTER or MATCH, irrespective of whether it is formatted for transmission to the SIEM (that is, whether it is specified in the FIELDS parameter of the SMF statement).

 

 


BMC AMI Datastream for Ops 7.1