Wizards for creating monitors and rules often require you to enter an expression that specifies criteria for the data that is being collected. To provide the criteria, you have to understand how to build an expression and the syntax required for different kinds of data. Some of the wizards might prompt you for the required information, while for others you might have to know the appropriate syntax and potential options.
Expression Structure
A single expression can be comprised of multiple criteria. Each criteria is comprised of a Parameter Name, Operator, and Value. Each of these parts is described below. For a rule, each of the criteria must be true for an alert to be created or for data to be collected. For a monitor, each health state of the monitor has its own expression. For example, in a two-state monitor, one expression defines the healthy state for the monitor while another expression defines the critical state. Only one of these expressions should be set to true at a particular time.
Logical Operators
By default, each criteria in an expression must be true for the expression to be true because the criteria are members of an AND group. You can also add an OR group to specify that only one criteria of a set must be true. By embedding a combination of AND groups and OR groups, you can create a set of criteria as complex as you require.
Parts of an Expression
Parameter Name
The parameter name specifies which property of the incoming data to evaluate. The syntax for the parameter name depends on the kind of data that your monitor or rule is using. The following table provides the general syntax. The links take you to online content describing each in greater detail.
| Data | Syntax | Example | Notes |
|---|---|---|---|
|
[Property Name] |
Event ID |
The expression dialog box prompts you for the available properties. |
|
|
Params\Param[1] |
Params\Param[1] |
The entire line of the log file is accessed with Param[1]. |
|
|
Params\Param[#] |
Params\Param[2] |
The fields in the log are numbered from left to right starting with 1. |
|
|
Collection[@Name=<Instance>]/Property[@Name=<PropertyName>] |
Collection[@Name='TargetInstance']/Property[@Name='Caption'] |
||
|
[Property Name] |
Severity |
The list of available properties are listed in the [Events] section. |
|
|
Property[@Name=<ValueName>] |
Property[@Name='Status'] |
A monitoring script returns a property bag. The expression must include the name of the value in the property bag. |
Operator
The operator specifies the comparison that will be performed between the value of the data property specified in Parameter Name and the value specified in Value.
| Operator | Description |
|---|---|
|
Equals |
The string or number specified in the data is exactly equal to the string or number specified in Value. If this is a string value, the comparison is not case sensitive. |
|
Does not equal |
The string or number specified in the data is not exactly equal to the string or number specified in Value. If this is a string value, the comparison is not case sensitive. |
|
Greater than |
The value in the data is greater than the number specified in Value. |
|
Greater than or equal to |
The value in the data is greater than or equal to the number specified in Value. |
|
Less than |
The value in the data is less than the number specified in Value. |
|
Less than or equal to |
The value in the data is less than or equal to the number specified in Value. |
|
Contains |
The string specified in Value appears somewhere in the data. |
|
Does not contain |
The string specified in Value appears somewhere in the data. |
|
Matches wildcard |
The string specified in Value matches the string including wildcard. The wildcard character is * and represents any number of characters. |
|
Does not match wildcard |
The string specified in Value does not match the string including wildcard. The wildcard character is * and represents any number of characters. |
|
Matches regular expression |
The string in the data matches the regular expression specified in Value. |
|
Does not match regular expression |
The string in the data does not match the regular expression specified in Value. |
Value
The value can be specific text or a number typed into the Value field. For example, a particular event might be defined by its source and number. These are both constant values that can be typed into the Value field.
A value can also come from a property on the target object. Any property on the target object or on any of the object’s parents can be used. You can view a list of the properties and their values for any object by viewing the object in the Discovered Inventory view.
Target properties have different values for different objects. For example, you might use Logical Disk (Server) as a target and require the total size of the disk in the criteria. Logical disks have a property called Size (Mbytes) that stores the total size of the disk. The value of this property differs for different disks in the management group. When you use a target variable as the value, it is evaluated separately for each object.
You can select a target property by clicking the ellipse button (…) on the right of the criteria line. This displays a list of all available properties for the object that you selected for the target and the hosting parents of that object. If you select one of these properties, the appropriate target variable is added to the criteria.
For More Information
For more information about expressions , see Expressions in the Authoring Guide.