Skip to main content

Scope filter query fields and operators

Scope filters limit the events, alerts, or incidents affected by actions in many features in APEX AIOps Incident Management, such as workflows, correlation definitions, and maintenance windows. Rules around data types limit the operators that you can use with specific fields.

The following tables show a complete listing of default fields supported by Incident Management and their supported operators. After your instance begins ingesting data, it is likely you will have additional fields available for use in queries.

Events

The following fields and operators can be used when creating scope filter queries for events.

Fields

Supported operators

alias

=

!=

in

not in

like

not like

MATCHES

not MATCHES

check

=

!=

in

not in

like

not like

MATCHES

not MATCHES

class

=

!=

in

not in

like

not like

MATCHES

not MATCHES

dedupe_key

=

!=

in

not in

like

not like

MATCHES

not MATCHES

description

=

!=

in

not in

like

not like

MATCHES

not MATCHES

event id

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.aisle

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.availability_zone

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.building

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.city

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.country

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.data_center

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.floor

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.geo_coordinates.lat

=

!=

>

<

>=

<=

in

not in

like

not like

location.geo_coordinates.long

=

!=

>

<

>=

<=

in

not in

like

not like

location.postcode

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.rack

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.region

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.state_or_province

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.street

=

!=

in

not in

like

not like

MATCHES

not MATCHES

location.suite

=

!=

>

<

>=

<=

in

not in

like

not like

location.u_position

=

!=

in

not in

like

not like

MATCHES

not MATCHES

manager

=

!=

in

not in

like

not like

MATCHES

not MATCHES

manager_id

=

!=

in

not in

like

not like

MATCHES

not MATCHES

namespace

=

!=

in

not in

like

not like

MATCHES

not MATCHES

policy

=

!=

in

not in

like

not like

MATCHES

not MATCHES

services

=

!=

in

not in

like

not like

MATCHES

not MATCHES

severity

=

!=

in

not in

like

not like

source

=

!=

in

not in

like

not like

MATCHES

not MATCHES

type

=

!=

in

not in

like

not like

MATCHES

not MATCHES

utc offset

=

!=

in

not in

like

not like

MATCHES

not MATCHES

Alerts

The following fields and operators can be used when creating scope filter queries for alerts.

Fields

Supported operators

alias

=

!=

in

not in

like

not like

MATCHES

not MATCHES

assigned groups

=

!=

in

not in

like

not like

MATCHES

not MATCHES

assignee

=

!=

in

not in

like

not like

MATCHES

not MATCHES

changes

=

!=

in

not in

For a list of valid values for changes, refer to Understand alerts and alert details .

like

not like

check

=

!=

in

not in

like

not like

MATCHES

not MATCHES

class

=

!=

in

not in

like

not like

MATCHES

not MATCHES

created at

=

!=

in

not in

like

not like

dedupe key

=

!=

in

not in

like

not like

MATCHES

not MATCHES

description

=

!=

in

not in

like

not like

MATCHES

not MATCHES

event count

=

!=

>

<

>=

<=

in

not in

like

not like

external names

=

!=

in

not in

like

not like

MATCHES

not MATCHES

first event time

=

!=

in

not in

like

not like

id

=

!=

>

<

>=

<=

in

not in

like

not like

in maintenance

=

!=

in

not in

like

not like

incidents

=

!=

>

<

>=

<=

in

not in

like

not like

last event time

=

!=

in

not in

like

not like

last status change time

=

!=

in

not in

like

not like

maintenance

=

!=

in

not in

like

not like

MATCHES

not MATCHES

manager

=

!=

in

not in

like

not like

MATCHES

not MATCHES

manager id

=

!=

in

not in

like

not like

MATCHES

not MATCHES

namespace

=

!=

in

not in

like

not like

MATCHES

not MATCHES

policy

=

!=

in

not in

like

not like

MATCHES

not MATCHES

service

=

!=

in

not in

like

not like

MATCHES

not MATCHES

severity

=

!=

in

not in

like

not like

severity high water

=

!=

in

not in

like

not like

severity high water numeric

=

!=

>

<

>=

<=

in

not in

like

not like

severity numeric

=

!=

>

<

>=

<=

in

not in

like

not like

source

=

!=

in

not in

like

not like

MATCHES

not MATCHES

status

=

!=

in

not in

like

not like

status numeric

=

!=

>

<

>=

<=

in

not in

like

not like

type

=

!=

in

not in

like

not like

MATCHES

not MATCHES

Incidents

The following fields and operators can be used when creating scope filter queries for incidents.

Fields

Supported operators

alerts

=

!=

>

<

>=

<=

in

not in

like

not like

assigned groups

=

!=

in

not in

like

not like

MATCHES

not MATCHES

assignee

=

!=

in

not in

like

not like

MATCHES

not MATCHES

auto closed on

=

!=

>

<

>=

<=

in

not in

like

not like

changes

=

!=

in

not in

For a list of valid values for changes, refer to Understand alerts and alert details .

like

not like

classes

=

!=

in

not in

like

not like

MATCHES

not MATCHES

closed on

=

!=

in

not in

like

not like

correlation definition

=

!=

in

not in

like

not like

MATCHES

not MATCHES

correlation definition name

=

!=

in

not in

like

not like

MATCHES

not MATCHES

created at

=

!=

in

not in

like

not like

description

=

!=

in

not in

like

not like

MATCHES

not MATCHES

external names

=

!=

in

not in

like

not like

MATCHES

not MATCHES

first event time

=

!=

in

not in

like

not like

id

=

!=

>

<

>=

<=

in

not in

like

not like

impact

=

!=

in

not in

like

not like

in maintenance

=

!=

in

not in

like

not like

in progress on

=

!=

in

not in

like

not like

last event time

=

!=

in

not in

like

not like

last state change

=

!=

in

not in

like

not like

manual description set

=

!=

in

not in

like

not like

MATCHES

not MATCHES

merged into incident

=

!=

>

<

>=

<=

in

not in

like

not like

originator

=

!=

in

not in

like

not like

MATCHES

not MATCHES

policies

=

!=

in

not in

like

not like

MATCHES

not MATCHES

priority

=

!=

in

not in

like

not like

priority numeric

=

!=

<

<=

>

>=

in

not in

like

not like

resolve time

=

!=

>

<

>=

<=

in

not in

like

not like

resolved on

=

!=

in

not in

like

not like

resolving steps

=

!=

>

<

>=

<=

in

not in

like

not like

services

=

!=

in

not in

like

not like

MATCHES

not MATCHES

severity

=

!=

in

not in

like

not like

severity high water numeric

=

!=

>

<

>=

<=

in

not in

like

not like

severity numeric

=

!=

>

<

>=

<=

in

not in

like

not like

sources

=

!=

in

not in

like

not like

MATCHES

not MATCHES

status

=

!=

in

not in

like

not like

status numeric

=

!=

>

<

>=

<=

in

not in

like

not like

superseded by

=

!=

>

<

>=

<=

in

not in

like

not like

superseded on

=

!=

in

not in

like

not like

total alerts

=

!=

>

<

>=

<=

in

not in

like

not like

type

=

!=

in

not in

like

not like

MATCHES

not MATCHES

urgency

=

!=

in

not in

like

not like

In this section: