Filtering events for Rule Sets
Without Rule Set filtering enabled, every Rule Set is searched for matching Rules for every event the Rule Processor sees. With Rule Set filtering enabled, you can specify that events must meet a Rule Set selection criteria (called filter criteria) before a Rule Set is searched for matching Rules. This feature enables you to selectively lessen the number of events that are passed through each Rule Set.
For example, you can specify that a Rule Set named RULHASP will be searched for all events with a Text-ID of $HASP*. You can limit the search for matching Rules to a single Rule Set or group of Rule Sets.
In the following figure, note the column Filtered. This value represents the number of events that the Rule Set was searched for matching Rules.
Total Events 624 Display suppressed 0
Events Handled 49 Hardcopy suppressed 0
Current arrival rate 3 / sec Rule generated Alerts 6
Peak arrival rate 10 / sec Rule invoked Execs 0
Automation Library
LC CMDS --- (S)elect, (E)nable, (D)isable, (T)est, (SA)ve
(M)ove, (B)efore or (A)fter, (F)ilter Criteria
LC Rule-Set Status Rules Fired Filtered Date Time Strategy
___ RULQUAL1 ENABLED 6 46 624d DD-MMM-YY 13:18:50 FIRST
___ RULJRNL1 ENABLED 108 93 183 DD-MMM-YY 13:18:49 FIRST
___ RULJRNL2 ENABLED 53 6 8 DD-MMM-YY 13:18:49 FIRST
___ RULJRNL3 ENABLED 59 46 32 DD-MMM-YY 13:18:49 ALL
___ RULJRNL4 ENABLED 56 9 17 DD-MMM-YY 13:18:49 FIRST
___ RULJRNL5 ENABLED 37 346 46 DD-MMM-YY 13:18:49 ALL
___ RULJ911 ENABLED 6 46 46 DD-MMM-YY 13:18:49 FIRST
___ AAORULCC DISABLED N/A N/A N/A N/A N/A
___ AAORULJB DISABLED N/A N/A N/A N/A N/A
Therefore, the information for Rule Set RULJRNL1 looks like the following panel:
Total Events 624 Display suppressed 0
Events Handled 49 Hardcopy suppressed 0
Current arrival rate 3 / sec Rule generated Alerts 6
Peak arrival rate 10 / sec Rule invoked Execs 0
Automation Library
LC CMDS --- (S)elect, (E)nable, (D)isable, (T)est, (SA)ve
(M)ove, (B)efore or (A)fter, (F)ilter Criteria
LC Rule-Set Status Rules Fired Filtered Date Time Strategy
___ RULQUAL1 ENABLED 6 46 624d DD-MMM-YY 13:18:50 FIRST
___ RULJRNL1 ENABLED 108 93 183 DD-MMM-YY 13:18:49 FIRST
Rule Set RULJRNL1 contains a total of 108 Rules. Of them, 93 were fired for 183 events that were seen by (or filtered through) the Rule Set. However, a total of 624 events were seen by the Rule Processor. Therefore, with filtering enabled, the number of events seen by Rule Set RULJRNL1 was lessened, enabling the Rules Processor to perform more efficiently.
In contrast, for Rule Set RULQUAL1, note the lowercase d in the Filtered column. The d means that Rule Set filtering has been disabled for RULQUAL1. Also, note that the number of events filtered through the Rule Set is 624, because every event seen by the Rule Processor was also seen by Rule Set RULQUAL1.
Enabling-filtering-and-Rule-Set-match-rate-for-Rule-Sets describes how to enable Rule Set filtering.