Threshold event filter

In addition to the simple filter options, a threshold event filter processes an event after it has occurred a specified number of times within a specified interval.

An event triggers associated actions if, within the specified interval, the event occurs the number of times specified in the Count field.

For example, you can define a threshold filter to monitor frequently occurring heartbeat events and forward the event to IBM® Systems Director Server only when the heartbeat event is received for the 100th time during a specified amount of time. Count is set to 100 and Interval is set to 5 minutes. When the specified event is received for the 100th time within 5 minutes, the event actions are invoked, and the Count and Interval settings are reset. To invoke the event actions a second time, the specified event must be received 100 times within an interval of 5 minutes again. If only 90 events are received within the 5 minutes, the Count and Interval settings are reset.

Another example is to create a threshold filter such that, if a user attempts to log on with a bad password five times within five minutes, the event automation plan will trigger associated event actions.

Related concepts

Events that are available for filtering
Simple event filter
Duplication event filter
Exclusion event filter
Related tasks

Selecting specific events for filtering
Related reference

Event Filter Builder window
Event Filter Builder window: Category page
Event Filter Builder window: Day and Time page
Event Filter Builder window: Event Text page
Event Filter Builder window: Event Type page
Event Filter Builder window: Extended Attributes page
Event Filter Builder window: Sender Name page
Event Filter Builder window: Severity page
Event Filter Builder window: System Variables page
Event Filter Builder window: Frequency page

Table of Contents