Filter using Matching Expressions.

Matching Expressions are filters configurable for every alert. Only incoming events that match the filter will be processed and can affect the alert state. More specifically:

 Some alert types require a filter (string match); for some, it is optional (parallel calls), and some may use multiple ones. Particularly, the "ratio"-based alert can be used to compute ASR so that it initially filters successful call-start events and failing call-attempt events and then computes the percentage of the call-start subset.

A basic term consists of an attribute name, operator, and operand. The following expression looks for event of "call-start" type:

attrs.type="call-end"

The name can include multiple dot-separated entries for nested attributes. Available operators are equal "=", begins with "^", RegExp "~", smaller "<" and greater ">" such as in the following example:

attrs.duration>3600

The next example uses a regular expression to capture both call-start and call-attempt events.

attrs.type~"call-start|call-attempt"

The right-hand operand can be a number, string enclosed in "" or '', or the term undef (without enclosure!). The term undef evaluates true if the attribute doesn't exist in the inspected JSON.document.

attrs.foo=undef

Multiple terms can be "ANDed" using "&", then the matching expression only evaluates true if all terms are true. The following expression is true for call-end events reporting calls longer than an hour. 

attrs.type="call-end" & attrs.duration>3600

Negation can be used to negate the whole expression. It is expressed by an exclamation mark at the beginning of the expression. The following example matches if either of the two MOS average values is lesser than  or equal to 3.0 (negation of AND-ed expression is OR of negated terms)

! attrs.rtp-MOScqex-avg-a>3.0 & rtp-MOScqex-avg-b>3.0