Scope filter query fields and operators

Scope filters limit the events, alerts, or incidents affected by actions in many features in APEX AIOps Incident Management, such as workflows, correlation definitions, and maintenance windows. Rules around data types limit the operators that you can use with specific fields.

The following tables show a complete listing of default fields supported by Incident Management and their supported operators. After your instance begins ingesting data, it is likely you will have additional fields available for use in queries.

Events

The following fields and operators can be used when creating scope filter queries for events.

Fields	Supported operators
`alias`	= != in not in MATCHES not MATCHES
`check`	= != in not in MATCHES not MATCHES
`class`	= != in not in MATCHES not MATCHES
`dedupe_key`	= != in not in MATCHES not MATCHES
`description`	= != in not in MATCHES not MATCHES
`event id`	= != in not in MATCHES not MATCHES
`location.aisle`	= != in not in MATCHES not MATCHES
`location.availability_zone`	= != in not in MATCHES not MATCHES
`location.building`	= != in not in MATCHES not MATCHES
`location.city`	= != in not in MATCHES not MATCHES
`location.country`	= != in not in MATCHES not MATCHES
`location.data_center`	= != in not in MATCHES not MATCHES
`location.floor`	= != in not in MATCHES not MATCHES
`location.geo_coordinates.lat`	= != > < >= <= in not in
`location.geo_coordinates.long`	= != > < >= <= in not in
`location.postcode`	= != in not in MATCHES not MATCHES
`location.rack`	= != in not in MATCHES not MATCHES
`location.region`	= != in not in MATCHES not MATCHES
`location.state_or_province`	= != in not in MATCHES not MATCHES
`location.street`	= != in not in MATCHES not MATCHES
`location.suite`	= != > < >= <= in not in
`location.u_position`	= != in not in MATCHES not MATCHES
`manager`	= != in not in MATCHES not MATCHES
`manager_id`	= != in not in MATCHES not MATCHES
`namespace`	= != in not in MATCHES not MATCHES
`policy`	= != in not in MATCHES not MATCHES
`services`	= != in not in MATCHES not MATCHES
`severity`	= != in not in
`source`	= != in not in MATCHES not MATCHES
`type`	= != in not in MATCHES not MATCHES
`utc offset`	= != in not in MATCHES not MATCHES

Alerts

The following fields and operators can be used when creating scope filter queries for alerts.

Fields	Supported operators
`alias`	= != in not in MATCHES not MATCHES
`assigned groups`	= != in not in MATCHES not MATCHES
`assignee`	= != in not in MATCHES not MATCHES
`changes`	= != in not in For a list of valid values for `changes`, refer to Understand alerts and alert details .
`check`	= != in not in MATCHES not MATCHES
`class`	= != in not in MATCHES not MATCHES
`created at`	= != in not in
`dedupe key`	= != in not in MATCHES not MATCHES
`description`	= != in not in MATCHES not MATCHES
`event count`	= != > < >= <= in not in
`external names`	= != in not in MATCHES not MATCHES
`first event time`	= != in not in
`id`	= != > < >= <= in not in
`in maintenance`	= != in not in
`incidents`	= != > < >= <= in not in
`last event time`	= != in not in
`last status change time`	= != in not in
`maintenance`	= != in not in MATCHES not MATCHES
`manager`	= != in not in MATCHES not MATCHES
`manager id`	= != in not in MATCHES not MATCHES
`namespace`	= != in not in MATCHES not MATCHES
`policy`	= != in not in MATCHES not MATCHES
`service`	= != in not in MATCHES not MATCHES
`severity`	= != in not in
`severity high water`	= != in not in
`severity high water numeric`	= != > < >= <= in not in
`severity numeric`	= != > < >= <= in not in
`source`	= != in not in MATCHES not MATCHES
`status`	= != in not in
`status numeric`	= != > < >= <= in not in
`type`	= != in not in MATCHES not MATCHES

Incidents

The following fields and operators can be used when creating scope filter queries for incidents.

Fields	Supported operators
`alerts`	= != > < >= <= in not in
`assigned groups`	= != in not in MATCHES not MATCHES
`assignee`	= != in not in MATCHES not MATCHES
`auto closed on`	= != > < >= <= in not in
`changes`	= != in not in For a list of valid values for `changes`, refer to Understand alerts and alert details .
`classes`	= != in not in MATCHES not MATCHES
`closed on`	= != in not in
`correlation definition`	= != in not in MATCHES not MATCHES
`correlation definition name`	= != in not in MATCHES not MATCHES
`created at`	= != in not in
`description`	= != in not in MATCHES not MATCHES
`external names`	= != in not in MATCHES not MATCHES
`first event time`	= != in not in
`id`	= != > < >= <= in not in
`impact`	= != in not in
`in maintenance`	= != in not in
`in progress on`	= != in not in
`last event time`	= != in not in
`last state change`	= != in not in
`manual description set`	= != in not in MATCHES not MATCHES
`merged into incident`	= != > < >= <= in not in
`originator`	= != in not in MATCHES not MATCHES
`policies`	= != in not in MATCHES not MATCHES
`priority`	= != in not in
`resolve time`	= != > < >= <= in not in
`resolved on`	= != in not in
`resolving steps`	= != > < >= <= in not in
`services`	= != in not in MATCHES not MATCHES
`severity`	= != in not in
`severity high water numeric`	= != > < >= <= in not in
`severity numeric`	= != > < >= <= in not in
`sources`	= != in not in MATCHES not MATCHES
`status`	= != in not in
`status numeric`	= != > < >= <= in not in
`superseded by`	= != > < >= <= in not in
`superseded on`	= != in not in
`total alerts`	= != > < >= <= in not in
`type`	= != in not in MATCHES not MATCHES
`urgency`	= != in not in

In this section:

Scope filter query fields and operators

Events

Alerts

Incidents

Search results