Operators

You can use a variety of mathematical and logical operators such as Is Greater Than, In Range, Is True, or Has Field to filter Event Types, Events and Fields based on their values and properties.

This section describes all the operators available for building Transformations and illustrates their usage through a sample Hash Fields Transformation.


Equals and Not Equals

Description: Filter an Event or field if its value is equal or not equal to the specified value.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Enter value: Provide a value to compare the Event or field value with.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All Fields with Name = test.

Result:
All fields with name = test are hashed as per your selected algorithm (MD5).

Equals and Not Equals Transformation

Transformed Events where field name = test


Greater Than and Greater Than Equal To

Description: Filter an Event or field if its value is greater than, or greater than or equal to, the specified value.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Enter Value: Provide a value to compare the Event or field value with.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All fields with value greater than 1500.

Result:
All field values greater than 1500 are hashed as per your selected algorithm (MD5).

Greater Than and Greater Than Equal To Transformation

Transformed Events where field values greater than 1500


Lesser Than and Lesser Than Equal To

Description: Filter an Event or field if its value is less than, or less than or equal to, the specified value.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Enter Value: Provide a value to compare the Event or field value with.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All fields with value less than 1500.

Result:
All field values less than 1500 are hashed as per your selected algorithm (MD5).

Lesser Than and Lesser Than Equal To Transformation

Transformed Events where field values less than 1500


In Range and Not In Range

Description: Filter an Event or field if it lies or does not lie in the specified range.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Enter Start and End Value: Provide a start and end value to compare your Event or field value with.
Transformation Considerations: The end value is not included.

Example:

Filters:
Event Type = All Events.
Fields = All fields with Start Value = 1000, End Value = 2000.

Result:
All field values between 1000 and 2000 (the end value, 2000, is not included) are hashed as per your selected algorithm (MD5).

In Range and Not In Range Transformation

Transformed Events where field values in range 1000, 2000
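
The end-value exclusion noted above, worked through as an added Python example (not the product's own code and not part of the original page). The function names, field names and sample events are constructed; including the start value, skipping non-numeric values, and hashing the UTF-8 string form of a value are assumptions.

```python
import hashlib

# Constructed sample events (not from the page).
EVENTS = [
    {"order_id": 999, "amount": 1000, "note": "abc"},
    {"order_id": 1500, "amount": 2000, "active": True},
    {"order_id": 1999.5, "amount": 2500, "note": "1500"},
]


def is_numeric(value):
    # bool is a subclass of int in Python; exclude it so True is not read as 1.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def in_range(value, start, end):
    # End value excluded, as the page states. Including the start value and
    # skipping non-numeric values are assumptions of this example.
    return is_numeric(value) and start <= value < end


def md5_hex(value):
    # Assumption: the UTF-8 string form of the value is what gets hashed.
    return hashlib.md5(str(value).encode("utf-8")).hexdigest()


def hash_fields_in_range(events, start, end):
    """Hash every field value in [start, end); return (events, boundary_hits).

    boundary_hits lists (event_index, field_name) for values equal to the end
    value: they look in range but pass through in clear text.
    """
    transformed, boundary_hits = [], []
    for index, event in enumerate(events):
        out = {}
        for name, value in event.items():
            if in_range(value, start, end):
                out[name] = md5_hex(value)
            else:
                out[name] = value
                if is_numeric(value) and value == end:
                    boundary_hits.append((index, name))
        transformed.append(out)
    return transformed, boundary_hits


if __name__ == "__main__":
    masked, hits = hash_fields_in_range(EVENTS, 1000, 2000)
    for event in masked:
        print(event)
    print("left in clear at the end value:", hits)
```

With Start Value = 1000 and End Value = 2000, the amount of 2000 in the second event is reported as a boundary hit and stays unhashed.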


In and Not In

Description: Filter an Event or field if its value lies or does not lie within the specified set of values.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Enter Values: Provide a set of values to compare your Event or field value with.
Transformation Considerations: Multiple values should be separated by commas.

Example:

Filters:
Event Type = All Events.
Fields = All fields with values in "abc", "def".

Result:
All field values in "abc" or "def" are hashed as per your selected algorithm (MD5).

In and Not In Transformation

Transformed Events where field values in abc, def


Starts With

Description: Filter an Event or field if it starts with the specified value.
The value must be of type String.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Enter Value: Provide the starting string to identify Events or fields to be filtered.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All fields whose names start with test.

Result:
All field names starting with test are hashed as per your selected algorithm (MD5).

Starts With Transformation Operator

Transformed Events where field name Starts With test


Matches

Description: Filter an Event or field if it matches the specified pattern.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: - Regex: Provide a Regular Expression to specify your pattern.
- Complete String: Provide a string that specifies your complete pattern.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All fields with name = test whose value contains the string abcd.

Result:
All fields with name = test whose value contains the string abcd are hashed as per your selected algorithm (MD5).

Matches Transformation

Transformed Events where field name: test and value contains abcd as substring


Is True and Is False

Description: Filter an Event or field if its value is true or false.
Filter On: All Events, Event Type, Event Field.
All Fields, Field Name, Field Value.
Configuration Settings: Select a Boolean Value.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All Fields with Name = test having value true.

Result:
All fields with name = test whose value = true are hashed as per your selected algorithm (MD5).

Is True and Is False Transformation

Transformed Events where field name: test and value: True


Matches Type and Not Matches Type

Description: Filter an Event or field if its value matches or does not match the specified data type.
Filter On: All Events, Event Field.
All Fields, Field Value.
Configuration Settings: Select a Data Type. For example, Boolean.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events.
Fields = All fields with value matching type Numeric.

Result:
All field values matching type numeric are hashed as per your selected algorithm (MD5).

Matches Type Transformation

Transformed Events where field value match type: Numeric


Has Field and Does Not Have Field

Description: Filter an Event if it has or does not have a specific field.
Filter On: All Events, Event Type.
Configuration Settings: Enter Field Name: Provide a field name that you would like your event to have.
Transformation Considerations: None.

Example:

Filters:
Event Type = All Events with Field Name = column_1.

Result:
All fields of events with field name = column_1 are hashed as per your selected algorithm (MD5).

Has Field Transformation

Transformed Events where field name is column_1



Revision History

Refer to the following table for the list of key updates made to this page:

Date | Release | Description of Change
Nov-09-2021 | 1.75 | Renamed Like operator to Starts With to accurately reflect the functionality.
Sep-09-2021 | 1.71 | Updated the page to include a description and an example for all the Operators available for defining the filters.
Jun-14-2021 | 1.65 | New document.
Last updated on 08 Nov 2021