Filter Queries

The Logic.Monitor PowerShell module provides powerful filtering capabilities through the -Filter parameter available in most Get commands. You can also use the Build-LMFilter cmdlet to help construct complex filters. Some cmdlets include a -FilterWizard parameter automatically.

Filter Syntax

The filter syntax supports the following operators:

Operator	Description	Example
-eq	Equal	`name -eq 'myserver'`
-ne	Not equal	`hostStatus -ne 'dead'`
-gt	Greater than	`id -gt 100`
-lt	Less than	`severity -lt 4'`
-ge	Greater than or equal	`alertCount -ge 5`
-le	Less than or equal	`alertCount -le 10`
-contains	Contains	`displayName -contains 'prod'`
-notcontains	Does not contain	`name -notcontains 'test'`
-and	Logical AND	`displayName -contains 'web' -and hostStatus -eq 'normal'`
-or	Logical OR	`hostStatus -eq 'dead' -or hostStatus -eq 'normal'`

Using the Filter Wizard

The module includes a Filter Wizard to help construct complex filters visually:

LM Filter Wizard

To use the Filter Wizard:

# Launch the Filter Wizard
Build-LMFilter

# Use the generated filter with any Get command
Get-LMDevice -Filter (Build-LMFilter)

# Use builtin filter wizard parameter
Get-LMDeviceGroup -FilterWizard

Common Filter Examples

Device Filtering

# Find production devices
Get-LMDevice -Filter 'customProperties -eq "{\"name\":\"environment\",\"value\":\"production\"}"'

# Find devices with specific hostStatus
Get-LMDevice -Filter 'hostStatus -eq "dead" -or hostStatus -eq "normal"'

# Find devices by collector
Get-LMDevice -Filter 'preferredCollectorId -eq 1'

# Find devices updated recently
Get-LMDevice -Filter 'lastUpdatedTime -gt "$((Get-Date).AddHours(-24))"'

Alert Filtering

# Get critical alerts
Get-LMAlert -Filter 'severity -eq "Critical"'

# Get unacknowledged alerts
Get-LMAlert -Filter 'ackTime -eq "$null"'

# Get alerts for specific device
Get-LMAlert -Filter 'deviceDisplayName -eq "myserver.domain.com"'

User Filtering

# Find active users
Get-LMUser -Filter 'status -eq "active"'

# Find users with specific role
Get-LMUser -Filter 'roles -contains "administrator"'

# Find users by email domain
Get-LMUser -Filter 'email -contains "@company.com"'

Date Filtering Examples

# Get devices not reporting in last 30 days
$thirtyDaysAgo = [int][double]::Parse((Get-Date).AddDays(-30).ToUniversalTime().Subtract((Get-Date "1/1/1970")).TotalSeconds)
Get-LMDevice -Filter "lastDataTime -lt '$thirtyDaysAgo'"

# Get alerts from last 24 hours
$lastDay = [int][double]::Parse((Get-Date).AddHours(-24).ToUniversalTime().Subtract((Get-Date "1/1/1970")).TotalSeconds)
Get-LMAlert -Filter "startEpoch -gt '$lastDay'"

# Get SDTs scheduled for next week
$nextWeek = [int][double]::Parse((Get-Date).AddDays(7).ToUniversalTime().Subtract((Get-Date "1/1/1970")).TotalSeconds)
Get-LMSDT -Filter "startDateTime -lt '$nextWeek'"

Best Practices

Quote Values: Always wrap string values in single quotes
Terminal window
```
Get-LMDevice -Filter 'name -eq "myserver"'
```

Date Handling: Convert dates to epoch seconds

# Helper function for date conversion
$epoch = [int][double]::Parse((Get-Date).AddDays(-30).ToUniversalTime().Subtract((Get-Date "1/1/1970")).TotalSeconds)
Get-LMDevice -Filter "lastDataTime -lt '$epoch'"

Complex Properties: Use escaped JSON for property filters

Get-LMDevice -Filter 'customProperties -eq "{\"name\":\"environment\",\"value\":\"production\"}"'

Multiple Conditions: Group conditions logically

Get-LMDevice -Filter '(hostStatus -eq "active" -and displayName -contains "prod") -or displayName -contains "critical"'

Testing Filters

You can test your filters before using them:

# Test a filter query
Test-LMAppliesToQuery -Query 'system.hostname =~ "prod"'

# Preview filter results
Get-LMDevice -Filter 'hostStatus -eq "active"' | Select-Object id, displayName, name