Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Network Node Manager i Software10.30

Administer > Configure Incidents > Configure Syslog Message Incidents (ArcSight) > Syslog Message Configuration Form (ArcSight) > Configure suppression settings for a Syslog message incident

Configure suppression settings for a Syslog message incident

[This is the Context-Sensitive Help topic for the Incident Config: Suppress Tab for all Incident Configurations.]

NNMi enables you to suppress incidents based on Interface Group, Node Group, or default Suppression settings. NNMi applies your Suppression settings in the following order. Only the first match applies.

Interface Group (Management Event Configuration Form: Interface Settings tab)
Node Group (Management Event Configuration Form: Node Settings tab)
Suppression configuration settings without specifying an Interface Group or Node Group (Management Event Configuration Form: Suppression tab)

A Payload Filter enables you to use the data that is included with any of the following items before they are stored as incidents in NNMi:

Traps generated from an SNMP agent
Syslog messages generated from ArcSightEvent (ArcSight only)
Management incidents that are generated by NNMi

Examples of the type of data that can be used as a Payload Filter include SNMP trap varbind names and values as well as CIA (Custom Incident Attribute) names and values. For example, you might want NNMi to suppress a particular status change notification trap for a specified Node Group or Interface Group. To do so, you could include the name of the trap varbind that stores this information as well as the particular status change value string the traps that you want to suppress should contain.

To configure suppression for an incident using a Payload Filter without an Interface Group or Node Group Filter:

Navigate to the Management Event Configuration form:
1. From the workspace navigation panel, select the Configuration workspace.
2. Expand the Incidents folder.
3. Select Management Event Configurations.
4. Do one of the following:
Select the Suppression tab.
Provide the required information (see table)
Click Save and Close to save your changes and return to the previous form.

Suppression Attributes
Name	Description
Enable	Use this attribute to temporarily disable an incident's suppression settings: Disable = Temporarily disable the selected configuration. Enable = Enable the selected configuration.
Payload Filter	The Payload Filter Editor enables you to create expressions that further refine the filters used to select the incidents to be suppressed, enriched, or dampened. Make sure to design any complex Payload Filters offline as a Boolean expression first. This method can help to minimize errors when entering your expressions using the Payload Filter editor. When creating a Payload Filter, note the following: Payload Filter expressions for the `like` and `not like` operators use the syntax defined for java regular expressions (java.util.regex Pattern class). You must use a `ciaName` that already exists in the trap or event you are configuring. Each set of expressions associated with a Boolean Operator is treated as if it were enclosed in parentheses and evaluated together. View the expression displayed under Filter String to see the logic of the expression as it is created. The `AND` and `OR` Boolean Operators must contain at least two expressions as shown in the example below. The following example filters incidents on voltage state: `AND ciaName = .1.3.6.1.4.1.9.9.13.1.2.1.7 ciaValue = 5` NNMi evaluates the expression above as follows: `(ciaName = .1.3.6.1.4.1.9.9.13.1.2.1.7 AND ciaValue = 5)` NNMi finds all incidents with a varbind `.1.3.6.1.4.1.9.9.13.1.2.1.7` value of 5. When you use `ciaName` and `ciaValue` in a Payload Filter, you must enter the `ciaName` and `ciaValue` as a pair as shown in the preceding example. The placement of your cursor and the subsequent text that is selected is important when performing operations using the Payload Filter Editor. For example, you append to, replace, or change the indentation of the expression that is selected. The placement of your cursor and the subsequent text that is selected is especially important when adding your Boolean operators. You can include more than one varbind in the same Payload Filter expression as shown in the following example: `((ciaName like \Q.1.3.6.1.4.1.9.9\E.* AND ciaValue = 25) AND (ciaName like \Q.1.3.6.1.2.1.2.2.1.1.3\E.* AND ciaValue = 3))` In this example, a given trap must meet each of the following criteria: Contain a varbind whose Object Identifier (OID) matches the regular expression `\Q.1.3.6.1.4.1.9.9\E.` and has a value of `25`. Contain a varbind whose OID matches the regular expression `\Q.1.3.6.1.2.1.2.2.1.1.3\E.` and has a value of `3`.

Payload Filter Editor Settings
Attribute	Description
Attribute	The attribute name on which NNMi searches. Filterable attributes include the following: ciaName ciaValue sourceName When you use `ciaName` and `ciaValue` in a Payload Filter, you must enter the `ciaName` and `ciaValue` as a pair. For example: `(ciaName =.1.3.6.1.4.1.9.9.13.1.2.1.7 ) AND ( (ciaValue = 4) OR ( ciaValue = 5))` is not supported. The `sourceName` value must be the name of the node as displayed on the node form and not the host name or management address.
Operator	Valid operators are described below. = Finds all values equal to the value specified. Example: `ciaName=.1.3.6.1.4.1.9.9.13.1.2.1.7` matches any incident that contains a varbind with the name value of .1.3.6.1.4.1.9.9.13.1.2.1.7. != Finds all values not equal to the value specified. Example: `ciaName! = .1.3.6.1.4.1.9.9.13.1.2.1.7` matches any incident that contains a varbind with a name value other than 1.3.6.1.4.1.9.9.13.1.2.1.7. < Finds all values less than the value specified. Example: `ciaValue < 6` matches any incident that contains a varbind with a value less than 6. <= Finds all values less than or equal to the value specified. Example: `ciaValue <= 6` matches any incident that contains a varbind with a value less than or equal to 6. > Finds all values greater than the value specified. Example: `ciaValue` `> 4` matches any incident that contains a varbind with a value greater than 4. >= Finds all values greater than or equal to the value specified. Example: `ciaValue >= 4` matches any incident that contains a varbind with values greater than or equal to 4. between Finds all values equal to and between the two values specified. Example: `ciaValue between` matches any incident that contains a varbind value equal to or greater than 1 and equal to or less than 4. As shown in the example, each value must be entered on a separate line. in Finds any match to at least one value in a list of values. Example: `ciaValue in` matches any incident with a varbind value of either 4 or 5. As shown in the example, each value must be entered on a separate line. NNMi displays the list of attributes using comma-separated values enclosed in parentheses, for example (4, 5). However, the comma-separated list is used only for display purposes. The actual delimiter is the new line. is not null Finds all non-blank values. Example: `ciaValue is not null` matches any incident with a varbind that contains a value. is null Finds all blank values. Example: `ciaValue is null` matches any incident with a varbind that does not contain a value. like Finds matches using the syntax defined for java regular expressions. See the Pattern (Java Platform SE6) API documentation at: `http://download.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html` for more information. Click here for more information. The period asterisk (.) characters mean any number of characters of any type at this location. The period (.) character means any single character of any type at this location. To include literal string values in the Value attribute, enclose the string value in \Q<literal_value>\E as shown in the Examples listed below. Example: `ciaName like \Q.1.3.6.1.4.1.9.9\E.` matches any incident that contains a varbind name value that begins with 1.3.6.1.4.1.9.9 and (optionally) ends with any number of characters. `ciaValue like .Chicago.` finds all traps or events that contain a varbind value that includes the string Chicago. not between Finds all values except those between the two values specified. Example: `ciaValue not between 5 8` matches an incident that contains a varbind with the values less than 5 or greater than 8 . not in Finds all values except those included in the list of values. Example: `ciaValue not in` matches any incident that contains a varbind with values other than 1 and 2. As shown in the example, each value must be entered on a separate line. NNMi displays the list of attributes using comma-separated values enclosed in parentheses, for example, (1, 2). However, the comma-separated list is used only for display purposes. The actual delimiter is the new line. not like Finds all that do not have the values specified using the syntax defined for Java regular expressions. See the Pattern (Java Platform SE6) API documentation at: `http://download.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html` for more information. The period asterisk (.) characters mean any number of characters of any type at this location. The period (.) character means any single character of any type at this location. To include literal string values in the Value attribute, enclose the string value in \Q<literal_value>\E as shown in the Examples listed below. Example: `ciaName not like \Q.1.3.6.1.4.1.9.9\E.` matches any incident that contains a varbind name value that does not begin with .1.3.6.1.4.1.9.9 and (optionally) ends with any number of characters. `ciaValue not like .Chicago.` finds all traps or events that do not contain a varbind value that includes the string Chicago.
Value	The value for which you want NNMi to search. Note the following: The values you enter are case sensitive. NNMi displays a variable number of value fields depending on the Operator selected. For example, the `between` Operator causes two value fields to be displayed. The `between, in` and `not in` operators require that each value be entered on a separate line.

Payload Filter Editor Buttons
Button	Description
Append	Appends the current expression (Attribute, Operator,and Value) to the selected expression already included in the filter string.
Insert	Inserts the current expression (Attribute, Operator,and Value) in front of the cursor location within the Filter String.
Replace	Replaces the selected expression with the expression displayed in the Attribute, Operator, and Value fields.
AND	Inserts the AND Boolean Operator in the selected cursor location. View the expression displayed under Filter String to see the logic of the expression as it is created.
OR	Inserts the OR Boolean Operator in the current cursor location. View the expression displayed under Filter String to see the logic of the expression as it is created.
NOT	Can be used in any part of the Filter String to specify that NNMi should exclude interfaces with values that pass the expression that immediately follows the `NOT`. For example, when evaluating the following expression, NNMi includes interfaces with (interface description) `ifDesc` containing VLAN, and excludes any Interfaces that have VLAN10 for the (interface name) `ifName` value: `(ifDesc like VLAN AND NOT (ifName=VLAN10))` View the expression displayed under Filter String to see the logic of the expression as it is created.
EXISTS	Used for filters that include Capabilities or Custom Attribute names and values in the Filer String. Indicates that you want NNMi to consider interfaces that have Capabilities or Custom Attributes when evaluating the Filter String. Tip When creating complex Filter Strings that include `customAttrName` and `customAttrValue` pairs as one component of an "or" statement, to prevent NNMi from excluding Nodes that have zero Custom Attributes, use EXISTS or NOT EXISTS criteria for the `customAttrName` and `customAttrValue` pair definitions. Otherwise Nodes that do not have any Custom Attributes are automatically excluded even if they have values that pass other aspects of your filter. For example, when evaluating the following Filter String, NNMi includes interfaces with (interface description) `ifDesc` containing VLAN, as well as any Interfaces Custom Attribute Role value is LAN Connection to Oracle Server: `(ifDesc like VLAN OR EXISTS((customAttrName=Role AND customAttrValue=LAN Connection to Oracle Server)))` View the expression displayed under Filter String to see the logic of the expression as it is created.
NOT EXISTS	Used for filters that include Capabilities or Custom Attribute names and values in the Filer String. Indicates that you want NNMi to consider interfaces that do not have any Capabilities or Custom Attributes when evaluating the Filter String, but exclude the interfaces that match the expression that follows the NOT EXISTS. Tip When creating complex Filter Strings that include `customAttrName` and `customAttrValue` pairs as one component of an "or" statement, to prevent NNMi from excluding Nodes that have zero Custom Attributes, use EXISTS or NOT EXISTS criteria for the `customAttrName` and `customAttrValue` pair definitions. Otherwise Nodes that do not have any Custom Attributes are automatically excluded even if they have values that pass other aspects of your filter. For example, when evaluating the following expression, NNMi includes interfaces with (interface description) `ifDesc` containing VLAN, and excludes any Interfaces that have the Custom Attribute Role and that Role value is LAN Connection to Oracle Server: `(ifDesc like VLAN OR NOT EXISTS((customAttrName=Role AND customAttrValue=LAN Connection to Oracle Server)))` View the expression displayed under Filter String to see the logic of the expression as it is created.
Delete	Deletes the selected expression. If the Boolean Operator is selected, the Payload Filter Editor deletes all expressions associated with the Boolean Operator.

Configure suppression settings for a Syslog message incident

Related topics