Conditional

Most recent version: v1.0.0

PreviousFiltering NextSampling

Last updated 4 days ago

Was this helpful?

Conditional

Most recent version: v1.0.0

See the changelog of this Action type here.

Overview

The Conditional action evaluates a list of conditions for an event. If an event meets a given condition, it will be sent through an output port specific to that condition. The event will be sent through the default output if it does not meet any conditions.

Set any number of conditions on your data for filtering and alerting.

In order to configure this action, you must first link it to a Listener. Go to Building a Pipeline to learn how to link.

AI Action Assistant

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in this article.

Ports

These are the input and output ports of this Action:

Input ports

Default port - All the events to be processed by this Action enter through this port.

Output ports

Default port - Events are sent through this port if no error occurs while processing them.
Error port - Events are sent through this port if an error occurs while processing them.
Condition port - Each condition you add will have its own port. There is currently a limit of 8 conditions per Action.

Configuration

Find Conditional in the Actions tab (under the Filtering group) and drag it onto the canvas. Link it to the required Listener and Data sink.

To open the configuration, click the Action in the canvas and select Configuration.

Enter the required parameters:

Parameter

Description

View mode

Select your conditions using the buttons available, or write it in Code mode.

Field*

The Field option lets you choose not only the field to filter for, but the specific Action to take it from.

Conditions

Choose between the following conditions for the filter (or use the arrow keys on your keyboard to navigate up and down the list). The options you see here will differ depending on the data type of the field you have selected.

Number
- (<) Less than
- (≤) Less than or equal to
- (>) Greater than
- (≥) Greater than or equal to
- (=) Equal to
- (!=) Not equal to
String
- Contains
- Doesn't contain
- Equal
- Not equal
Boolean
- Equal
- Not equal
- Contains
- Does not contain
- Equal to
- Not equal to
All types
- Is null
- Is not null

Enter the value to filter in (remember to press enter if you´re writing one) and you have your condition.

Field

Choose the field to carry out the condition on.

AND/OR

Now you can add AND/OR clauses to your condition, or add a new condition entirely using the Add Condition option. Add string (contains, not contain, equals, not equal) or int (greater, less, equal, not equal) using OR & AND.

Click Save to complete.

Example

Let's say you have data on error and threat detection methods in storage devices and you wish to detect threats and errors using the Cyclic Redundancy Check methods crc8, crc16 and crc24.

Conditional

Add a Conditional to the canvas and link it to the Listener or Action providing your data.

Condition 1

Field: crc
Condition: equals
Field: crc8

Any events meeting this condition will exit via this port. Each condition has its own port.

Condition 2

Field: crc
Condition: equals
Field: crc16

Condition 3

Field: crc
Condition: equals
Field: crc24

Output

Now you have a Conditional action with three output ports, crc8, crc16 and crc24, as well as the default and error ports.

Conditional 2

Add another conditional to the canvas and enter the following:

Field: msg
Condition: contains
Field: threat

Now when the message contains "threat", an event will be generated and sent via the threat port.

PreviousFiltering NextSampling

Last updated 4 days ago

Was this helpful?

See the changelog of this Action type here.

Overview

Set any number of conditions on your data for filtering and alerting.

In order to configure this action, you must first link it to a Listener. Go to Building a Pipeline to learn how to link.

AI Action Assistant

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in this article.

Ports

These are the input and output ports of this Action:

Input ports

Default port - All the events to be processed by this Action enter through this port.

Output ports

Default port - Events are sent through this port if no error occurs while processing them.
Error port - Events are sent through this port if an error occurs while processing them.
Condition port - Each condition you add will have its own port. There is currently a limit of 8 conditions per Action.

Configuration

Find Conditional in the Actions tab (under the Filtering group) and drag it onto the canvas. Link it to the required Listener and Data sink.

To open the configuration, click the Action in the canvas and select Configuration.

Enter the required parameters:

Parameter

Description

View mode

Select your conditions using the buttons available, or write it in Code mode.

Field*

The Field option lets you choose not only the field to filter for, but the specific Action to take it from.

Conditions

Number
- (<) Less than
- (≤) Less than or equal to
- (>) Greater than
- (≥) Greater than or equal to
- (=) Equal to
- (!=) Not equal to
String
- Contains
- Doesn't contain
- Equal
- Not equal
Boolean
- Equal
- Not equal
- Contains
- Does not contain
- Equal to
- Not equal to
All types
- Is null
- Is not null

Enter the value to filter in (remember to press enter if you´re writing one) and you have your condition.

Field

Choose the field to carry out the condition on.

AND/OR

Click Save to complete.

Example

Conditional

Add a Conditional to the canvas and link it to the Listener or Action providing your data.

Condition 1

Field: crc
Condition: equals
Field: crc8

Any events meeting this condition will exit via this port. Each condition has its own port.

Condition 2

Field: crc
Condition: equals
Field: crc16

Condition 3

Field: crc
Condition: equals
Field: crc24

Output

Now you have a Conditional action with three output ports, crc8, crc16 and crc24, as well as the default and error ports.

Conditional 2

Add another conditional to the canvas and enter the following:

Field: msg
Condition: contains
Field: threat

Now when the message contains "threat", an event will be generated and sent via the threat port.