Eric Singer

Easier "exclude" filters

Recommended Posts

I like that you start your various filters off with "include" for things like alert queries and dashboard queries, but I'd also like to see an "exclude" that follows the include.  There are plenty of cases where I want to see all devices in group structure such as...

  1. Windows Servers
    1.   Exchange
    2.   SQL
    3.   IIS
    4.   DHCP
    5.   AD
    6.  
    7. Except that I don't want to see say IIS.  So I only have two options, 1. try to ignore IIS in the results, or 2. do an include on all the sub-groups..  
    8. I would love to have a query that in essence is....
    9. Show me all windows servers, exclude IIS
    10. Let me know if you have any questions.
  2. We'll do a group include of "*windows*" and tried also adding 
    "!*IIS*" 
    "!IIS"
    and a few other combos with no luck.  That was on the alerts view in the includes filter.

Edited by Mike Suding

Share this post


Link to post
Share on other sites

I'm not having any luck with Glob filters.

Also, just a suggestion.  I get that you have a mixture of Linux / Windows admins.  Me being a windows admin, I'm going to be a bit bias in saying that I find regex style patterns to be overly convoluted, and honestly wish you guys simplified your operating / pattern matching language.  Certainly nothing wrong with offering regex as an option, but its not my go to langue for pattern matching, or its rather a language of last resort that I use.

For example:

I have a group structure that looks like this

Windows Servers\
  Exchange
  SQL
  IIS
  DHCP
  AD

Cisco\
 ESA
WSA
Switch
FW

I want to show all devices in the Windows server, except IIS and I want to show only ESA in Cisco.  Doing something akin to....

Select * from groups where (name like *windows* and not like *IIS*) or (name like *ESA*)  

That's simple SQL language, and IMO far easier to read / understand.  Even if it's not SQL based language, I think working on more friendly (readable) language would be a huge benefit.  Even something more simplistic like 

(like *windows* and notlike *IIS*) or (like *ESA*).  

Maybe even take it a step further and offer multiple query languages that we can pick from.  Sometime regex IS the only language that can get it done.  And while I realize regex more often than not can do what SQL cannot, 99% of the examples I'm showing, don't require the complexity of regex.

Edited by Mike Suding
  • Upvote 1

Share this post


Link to post
Share on other sites

Hi Eric - thanks for the feedback!  For your examples:

1. Windows Servers/!(IIS*) would include everything in the Windows Server subgroups , except for the IIS subgroup & all subgroups under IIS

2. Cisco/ESA* would include devices in the ESA group and all subgroups

You can combine these into one expression using the | character, like this: (Windows Servers/!(IIS*))|(Cisco/ESA*)

Let me know if this doesn't work for you

Share this post


Link to post
Share on other sites
On 4/15/2016 at 10:08 AM, Sarah Terry said:

Hi Eric - thanks for the feedback!  For your examples:

1. Windows Servers/!(IIS*) would include everything in the Windows Server subgroups , except for the IIS subgroup & all subgroups under IIS

2. Cisco/ESA* would include devices in the ESA group and all subgroups

You can combine these into one expression using the | character, like this: (Windows Servers/!(IIS*))|(Cisco/ESA*)

Let me know if this doesn't work for you

 

Sorry, but that syntax isn't working for me.  And maybe its due to my group structure being more complex.

LocalLocation\Windows\Domains\DomainNAME\Exchange
LocalLocation\Windows\Domains\DomainNAME\IIS
DRLocation\Windows\Domains\DomainNAME\Exchange
DRLocation\Windows\Domains\DomainNAME\IIS

Is a more realistic example.  I of course modified your query a beginning wildcard to account for the parent group, as in I did (*Windows*!(*IIS*)).  I don't see anything wrong with my query, but it returns back devices that are in the "IIS" group as well as other devices that I want.

I still contend that "(Like *Windows* and not like *IIS*) or (like *EAS*)" would be far easier to read and write.

Edited by Mike Suding

Share this post


Link to post
Share on other sites

The syntax for that group structure would be *Windows/!(IIS) - using * before ! is negating the exclude in your query.   We'll look into making these expressions easier to construct. 

Share this post


Link to post
Share on other sites
2 minutes ago, Sarah Terry said:

The syntax for that group structure would be *Windows/!(IIS) - using * before ! is negating the exclude in your query.   We'll look into making these expressions easier to construct. 

That nor  *Windows!(IIS)  appears to be working either.  To be clear I'm doing this in a dashbaord alerts widget incase that matters

Share this post


Link to post
Share on other sites

@Eric Singer I'm guessing you got this working long ago, but in case others need it.   This filter seems to work to filter out the "IIS" groups. Hopefully I interpreted your tree structure correctly.

This also works on a dashboard widget.

image.png.9c6518a3f755dd461aadc47db12b2035.png

Edited by Mike Suding

Share this post


Link to post
Share on other sites

Thanks for the screenshot Mike, that finally helped me understand. Unfortunately, for some reason I thought typing in the search bar on the right would allow the same exclusions or populate the filters or something. Once I clicked on the drop-down (for the device name in my case) it finally clicked. But just in case there's someone else like me that comes along, hopefully this will save a little time.

LMExcludeSearch.jpg

Share this post


Link to post
Share on other sites

Would be nice to be able to configure filters using the same approach as Applies To.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.