# Conditional {% hint style="info" %} See the changelog of this Action type [here](/actions/conditional.md). {% endhint %} ## Overview The **Conditional** Action evaluates a list of conditions for an event. If an event meets a given condition, it will be sent through an output port specific to that condition. The event will be sent through the default output if it does not meet any conditions.

Set any number of conditions on your data for filtering and alerting. In order to configure this Action, you must first link it to a Listener or other Action. Go to [Building a Pipeline ](/the-workspace/pipelines/building-a-pipeline.md)to learn how to link. {% hint style="info" %} **AI Action Assistant** This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in [this article](/the-workspace/pipelines/building-a-pipeline/ai-assistant/ai-action-assistant.md). {% endhint %} ## Ports These are the input and output ports of this Action:

Input ports

* **Default port** - All the events to be processed by this Action enter through this port.

Output ports

* **Default port** - Events are sent through this port if no error occurs while processing them. * **Error port** - Events are sent through this port if an error occurs while processing them. * **Condition port** - Each condition you add will have its own port. There is currently a limit of 8 conditions per Action, however, if you link another Conditional to the **Default** port, you can use the events to continue creating more conditions.

## Configuration {% stepper %} {% step %} Find **Conditional** in the **Actions** tab (under the **Filtering** group) and drag it onto the canvas. Link it to the required [Listener](/the-workspace/listeners.md) and [Data sink](/the-workspace/data-sinks.md). {% endstep %} {% step %} To open the configuration, click the Action in the canvas and select **Configuration**. {% endstep %} {% step %} Choose how to start adding conditions using the **View mode** buttons. Select your conditions using the buttons available in the **Visual** view (default mode), or write them in **Code** mode. {% endstep %} {% step %} Now, start adding your conditions. Each of the conditions you define will create a new output port in the Action. Give a name to the **Port**. {% endstep %} {% step %} Choose the **Field** with the input data you want to use in the condition. This allows you to choose not only the field to filter by, but also the specific Action to take it from, if there are multiple options. {% endstep %} {% step %} Choose a **Condition** for the filter. The options you see here will differ depending on the data type of the field you have selected:

Condition	Data types	Description
Contains		This condition checks if your input data strings contain certain keywords (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} contains ${field2}` `${field1} contains "test"`
Doesn't contain		This condition checks if your input data strings do not contain certain keywords (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} does not contain ${field2}` `${field1} does not contain "test"`
Equal / Equal to		This condition checks if your input data values are the same as other values (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} == ${field2}` `${field1} == "test"` `${field1} == 5`
Not equal / Not equal to		This condition checks if your input data values are not the same as other values (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} != ${field2}` `${field1} != "test"` `${field1} != 5`
Is null		This condition checks if your input data values are null. In code mode, this condition is represented like this: `${field1} is null`
Is not null		This condition checks if your input data values are not null. In code mode, this condition is represented like this: `${field1} is not null`
Matches		This condition checks if your input data strings match a given RegEx. Enter your RegEx in the Regular expression field that appears, or type it directly in the code mode. Click the flag icon in the editor to add additional conditions (you can combine as many as required): multiline - This flag affects the behavior of `^` and `$`. In multiline mode, matches occur not only at the beginning and the end of the string, but also at the start/end of each line. In code mode, add `m` at the end of your RegEx to include this condition. insensitive - Add this flag if you want to make the matches case insensitive. In code mode, add `i` at the end of your RegEx to include this condition. single - In code mode, add `s` at the end of your RegEx to include this condition. ungreedy - Add this flag if you want to apply an ungreedy (lazy) matching, that is to say, you want to get as few characters as needed to complete the pattern in a single match. In code mode, add `U` at the end of your RegEx to include this condition. In code mode, this condition is represented like this: ${field1} matches `\d{3}` ${field1} matches `\d{3}`i ${field1} matches `\d{3}`misU
Does not match		This condition checks if your input data strings do not match a given RegEx. Enter your RegEx in the Regular expression field that appears, or type it directly in the code mode. Click the flag icon in the editor to add additional conditions (check their description in the Matches condition above). In code mode, this condition is represented like this: ${field1} does not match `\d{3}` ${field1} does not match `\d{3}`m ${field1} does not match `\d{3}`misU
Less than		This condition checks if your input data numbers are less than other values (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} < ${field2}` `${field1} < 5` `${field1} < 1.4`
Less than or equal to		This condition checks if your input data numbers are less than or equal to other values (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} <= ${field2}` `${field1} <= 5` `${field1} <= 1.4`
Greater than		This condition checks if your input data numbers are greater than other values (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} > ${field2}` `${field1} > 5` `${field1} > 1.4`
Greater than or equal to		This condition checks if your input data numbers are greater than or equal to other values (either matching the data with another field or entering a specific literal). In code mode, this condition is represented like this: `${field1} >= ${field2}` `${field1} >= 5` `${field1} >= 1.4`

{% endstep %} {% step %} While the conditional action sends to the port of the first matching condition, you can opt to use the **All conditions match** checkbox to send the event to every matching condition's port. {% endstep %} {% step %} Now you can add `AND`/`OR` clauses to your condition, or add a new condition entirely using the **Add Condition** option. You can add a maximum of 8 conditions/ports. In code mode, `AND`/`OR` clauses are represented like this: * `${field1} contains "test" and ${field2} == 10` * `${field1} contains "test" or ${field2} contains "test"` {% hint style="warning" %} **Only one level of grouping allowed in conditions**\ When defining conditions through the user interface, only one level of grouping using parentheses is allowed. This means you can use `and`, `or`, and parentheses to group expressions, but you cannot nest groups within other groups. **Allowed:**\ `(${A} != null and ${A} != "" and (${A} == "x" or ${A} == "y"))` **Not allowed:**\ `(((${A} == "x" or ${A} == "y") and ${A} != null) or (${B} == "internet"))` **In code mode:**\ If you're configuring conditions directly in code mode, you *can* use multiple levels of grouping without restrictions. {% endhint %} {% endstep %} {% step %} Click **Save** to complete. {% endstep %} {% endstepper %} ## Example Let's say you have data on error and threat detection methods in storage devices and you wish to detect **threats** and **errors** using the Cyclic Redundancy Check methods **crc8, crc16** and **crc24**. {% stepper %} {% step %} ### Conditional Add a **Conditional** to the canvas and link it to the Listener or Action, providing your data. {% endstep %} {% step %} ### Condition 1 * **Field:** crc * **Condition:** equals * **Field:** crc8 Any events meeting this condition will exit via this port. Each condition has its own port. {% endstep %} {% step %} ### Condition 2 * **Field:** crc * **Condition:** equals * **Field:** crc16 {% endstep %} {% step %} ### Condition 3 * **Field:** crc * **Condition:** equals * **Field:** crc24 {% endstep %} {% step %} ### Output Now you have a Conditional action with three output ports, crc8, crc16 and crc24, as well as the default and error ports. {% endstep %} {% step %} ### Conditional 2 Add another conditional to the canvas and enter the following: * **Field:** msg * **Condition:** contains * **Field:** threat Now when the message contains "threat", an event will be generated and sent via the threat port. {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/the-workspace/pipelines/actions/filtering/conditional.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.