Skip to main content

containsAlertDetails

A Workflow Engine function that returns true if all or any of the alerts in the Situation matches the filter condition. Uses SQL-like filter syntax. See Filter Search Data for more information on filters.

Applies the scope to all Situations in the Workflow when there are multiple Situations in context. For example, if you used a sweep up filter in the workflow definition. In this case, if you have set the scope to 'any', every Situation must have at least one alert match the SQL-like filter for the function to return true.

This function is available as a feature of the Workflow Engine v1.0 and later.

This function is available for Situation workflows only.

The workflow sweep up filter applies to this function.

Back to Workflow Engine Functions Reference.

Arguments

Workflow Engine function containsAlertDetails takes the following arguments:

Name

Required

Type

Description

scope

Yes

String

Sets the scope of the contains match to:

all : every alert within the Situation must match the SQL-like filter.

any: at least one alert within the Situation must match the SQL-like filter

Applies the scope to all Situations in the workflow.

filter

Yes

String

SQL-like CEvent filter to use to evaluate alerts against. For example: "severity > 1".

Example

The following example demonstrates typical use of Workflow Engine function containsAlertDetails. If you want to verify that a Situation contains at least one severity 3 or higher alert, set the following:

  • scope: any

  • filter: severity >= 3

The UI translates your settings to the following JSON:

{"scope":"any","filter":"severity >= 3"}