ONTAP 9.14.1 commands

event filter create

Create a new event filter.

Availability: This command is available to cluster administrators at the admin privilege level.


The event filter create command creates a new event filter. An event filter is used to select the events of interest and is made up of one or more rules, each of which contains the following three fields:


  • name - event (message) name.

  • severity - event severity.

  • snmp-trap-type - event SNMP trap type.

     These fields are evaluated for a match using a logical "AND" operation: name AND severity AND SNMP trap type. Within a field, the specified values are evaluated with an implicit logical "OR" operation. So, if `-snmp-trap-type` ``_Standard, Built-in_`` is specified, then the event must match ``_Standard_`` OR ``_Built-in_`` . The wildcard matches all values for the field.
    * Type - include or exclude. When an event matches an include rule, it will be included into the filter, whereas it will be excluded from the filter if it matches an exclude rule.

Rules are checked in the order they are listed for a filter, until a match is found. There is an implicit rule at the end that matches every event to be excluded. For more information, see the event filter rule command.

There are three system-defined event filters provided for your use:

  • default-trap-events - This filter matches all ALERT and EMERGENCY events. It also matches all Standard, Built-in SNMP trap type events.

  • important-events - This filter matches all ALERT and EMERGENCY events.

  • no-info-debug-events - This filter matches all non-INFO and non-DEBUG messages (EMERGENCY, ALERT, ERROR and NOTICE).

The system-defined event filters cannot be modified or deleted.


-filter-name <text> - Filter Name

Use this mandatory parameter to specify the name of the event filter to create. An event filter name is 2 to 64 characters long. Valid characters are the following ASCII characters: A-Z, a-z, 0-9, "", and "-". The name must start and end with: A-Z, a-z, "", or 0-9.

[-access-control-role <text>] - Access Control Role

Use this parameter to specify the access control role of the event filter. Access control role indicates the user role which created the filter and is used to control access to the filter based on RBAC rules.

This is an optional field. If not specified, the currently logged in user role is used. If created by the 'admin' user, the field is left unset.


The following example creates an event filter named filter1:

cluster1::> event filter create -filter-name filter1

cluster1::> event filter show
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  *                *             Standard, Built-in
            3    exclude  *                *             *         *=*
            1    exclude  *                *             *         *=*
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    exclude  *                *             *         *=*
            1    include  *                EMERGENCY, ALERT, ERROR, NOTICE
                                                         *         *=*
            2    exclude  *                *             *         *=*
9 entries were displayed.
Top of Page