Event Exclusion Schema
- 06 Aug 2025
- 1 Minute to read
- Print
- DarkLight
- PDF
Event Exclusion Schema
- Updated on 06 Aug 2025
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback!
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Event Exclusion Filter Configuration",
"type": "object",
"required": ["eventExclusionFilterConfig"],
"properties": {
"eventExclusionFilterConfig": {
"type": "array",
"description": "Array of event exclusion filter configurations",
"items": {
"type": "object",
"required": ["description"],
"properties": {
"description": {
"type": "string",
"description": "Human-readable description of the event exclusion filter configuration"
},
"AND": {
"type": "array",
"minItems": 1,
"description": "Array of conditions that must all be true (AND logic)",
"items": {
"$ref": "#/definitions/condition"
}
},
"OR": {
"type": "array",
"minItems": 1,
"description": "Array of conditions where at least one must be true (OR logic)",
"items": {
"$ref": "#/definitions/condition"
}
}
},
"oneOf": [
{ "required": ["AND"] },
{ "required": ["OR"] }
]
}
}
},
"definitions": {
"condition": {
"oneOf": [
{
"type": "object",
"required": ["field", "operator"],
"properties": {
"field": {
"type": "string",
"description": "Field name to evaluate",
"enum": [
"acknowledgetime_conv", "acknowledgetimetext_conv", "agentip_conv", "alert_conv", "created_date_conv", "description_conv",
"devicename_conv", "device_agent_name", "device_region_name", "device_ip", "displayname_conv", "enterprise_conv", "eventid_conv", "last_text_time_conv", "last_time_conv", "last_time_in_conv",
"location_conv", "origination_conv", "rawdevicename_conv", "source_conv", "rig_source_id", "subdevicename_conv", "text_time_conv",
"time_conv", "time_in_conv", "tenant","tenant_id", "trapname_conv", "servername_conv"
]
},
"operator": {
"type": "string",
"enum": [
"EQUALS", "CONTAINS", "NOT_CONTAINS", "STARTS_WITH", "ENDS_WITH", "NOT_EQUALS",
"GREATER_THAN", "LESS_THAN", "REGEX", "EMPTY", "NOT_EMPTY",
"DATE_EQUALS", "DATE_GREATER_THAN", "DATE_LESS_THAN"
],
"description": "Comparison operator"
},
"values": {
"type": "array",
"description": "Array of values to compare against",
"items": {
"type": "string"
}
}
},
"allOf": [
{
"if": {
"properties": {
"operator": {
"enum": ["EMPTY", "NOT_EMPTY"]
}
}
},
"then": {
"not": {
"required": ["values"]
}
},
"else": {
"required": ["values"]
}
},
{
"if": {
"properties": {
"operator": {
"enum": ["DATE_EQUALS", "DATE_GREATER_THAN", "DATE_LESS_THAN"]
}
}
},
"then": {
"properties": {
"values": {
"items": {
"type": "string",
"pattern": "^(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(\\.\\d{1,9})?)$|^(\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}(\\.\\d{1,3})?)$|^(\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})$",
"description": "A date string in the format: yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSS or yyyy-MM-dd HH:mm:ss.SSS or yyyy-MM-dd HH:mm:ss"
}
}
}
}
}
]
},
{
"type": "object",
"required": ["AND"],
"properties": {
"AND": {
"type": "array",
"minItems": 1,
"description": "Nested AND conditions",
"items": {
"$ref": "#/definitions/condition"
}
}
}
},
{
"type": "object",
"required": ["OR"],
"properties": {
"OR": {
"type": "array",
"minItems": 1,
"description": "Nested OR conditions",
"items": {
"$ref": "#/definitions/condition"
}
}
}
}
]
}
}
}Was this article helpful?