Filter pattern

A filter rule is defined by the filter pattern. It takes a certain action when it accepts an event. It acts only on a single event and is therefore a stateless rule.

Overview

The filter pattern is used to act on individual events that meet the event selection criteria. Unlike the other rule patterns, it retains no associated state information (such as the history of past events).

Conditions under which the rule response runs

With the filter pattern, the rule response runs when any event that meets the event selection criteria is received, as defined by the <onDetection> element.

Example usage of this rule pattern

An example usage of the filter pattern is a rule that does the following:
If a ServerStatus event indicates a serverLoad that is greater than 95%, the rule runs an action that pages an administrator.
Related reference
Filter rule summary