Hi, I'm creating some correlation rule filters based upon the Display IDX of an alarm table. I see that there are some methods available to help with the matching (in particular the use of ';', '?' and '*').
In one correlation rule I'm trying to raise a correlation alarm "Mains Power Fail" if the alarm Display IDX matches: AC Phase1 Fail;AC Phase2 Fail;AC Phase3 Fail;Partial AC Fail or AC Fail.
There will be other similar correlation rules based on a different list of device alarms.
Now the tricky bit I'm trying to solve is to create a catch-all filter, i.e.: for all other alarms I would like to raise the correlation alarm "Misc Alarm". Is there a way to specify a negated list here? Does this field only allow the use of ';', '?' and '*' or can I use regex here?
Hi Bing,
You can create a negated list by changing the "equal to" into "not equal to".
e.g.
To prevent other alarms from matching the correlation filter, you can add a second filter that filters out all other alarms.
e.g.
Ive, I tried “Not equal to” however the evaluation of the logic turns out to be different to what I expected. What happens is that all other alarms (even from other devices) are considered because those alarms are not equal to the parameter of that particular protocol. So the result is a correlated alarm containing all alarms from other devices.
Hi Bing,
In that case, you need to extend your filter, to filter out this specific parameter, except for those with the given indexes.
I’ve added an additional screenshot in the original answer with an example.
Brilliant! That logic works as expected. Appreciate the additional explanation Ive.
Nice! Why didn’t I think of that… Thanks Ive!
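The filter logic discussed in this thread, modelled in Python as an added example (it is not DataMiner code and not from the posters): a negated list on its own also selects alarms from unrelated devices, while scoping to the parameter first gives the intended catch-all. The protocol and parameter names, the sample alarms, and the exact semantics of ';', '?' and '*' are assumptions.

```python
import re

# Hypothetical names: the thread does not give the protocol or parameter.
PROTOCOL, PARAMETER = "Rectifier", "Alarm Table"
# "AC Phase? Fail" stands in for the three phase entries listed in the question.
MAINS_LIST = "AC Phase? Fail;Partial AC Fail;AC Fail"

def idx_matches(display_idx, filter_value):
    """True if display_idx matches any ';'-separated pattern.
    Assumed semantics: '*' = any run of characters, '?' = exactly one."""
    for pattern in filter(None, (p.strip() for p in filter_value.split(";"))):
        regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                        for c in pattern)
        if re.fullmatch(regex, display_idx):
            return True
    return False

def in_scope(alarm):
    return alarm["protocol"] == PROTOCOL and alarm["parameter"] == PARAMETER

def mains_rule(alarm):
    return in_scope(alarm) and idx_matches(alarm["idx"], MAINS_LIST)

def catch_all_naive(alarm):
    # "Not equal to" on its own: true for every alarm that is not one of the
    # listed rows, including alarms from unrelated devices.
    return not mains_rule(alarm)

def catch_all_scoped(alarm):
    # Extended filter: same parameter first, then exclude the listed indexes.
    return in_scope(alarm) and not idx_matches(alarm["idx"], MAINS_LIST)

# Constructed sample alarms.
ALARMS = [
    {"protocol": "Rectifier", "parameter": "Alarm Table", "idx": "AC Phase1 Fail"},
    {"protocol": "Rectifier", "parameter": "Alarm Table", "idx": "Partial AC Fail"},
    {"protocol": "Rectifier", "parameter": "Alarm Table", "idx": "Battery Low"},
    {"protocol": "Router", "parameter": "Interface Status", "idx": "eth0 Down"},
]

def selected(rule):
    return [(a["protocol"], a["idx"]) for a in ALARMS if rule(a)]

if __name__ == "__main__":
    for rule in (mains_rule, catch_all_naive, catch_all_scoped):
        print(rule.__name__, selected(rule))
```

Note that the `?` pattern would also match a hypothetical "AC Phase4 Fail"; list the rows explicitly if that is not wanted.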