Active Lists to check against events on demand...best method?
What I'm trying to accomplish and what would most easily satisfy my need is if my filter which contains an active list could be used against an active channel. From everything I've read this is not a possibility. Here's the scenario:
- I have an active list which is populated regularly via a CSV file. This active list contains a single field that is being populated... nothing more. This active list has over 1300 entries in it. To clarify a bit, it contains id=xxxxxx and a six-digit number represented by the x's. Events with the particular xxxxxx numbers in this active list are something we want to report, alert and pull a history of on demand. The reporting and alerting functions work just fine.
The problem I have is when someone comes up to me and says, "I need a list of all events for the last week that match this filter which contains this active list." I unfortunately cannot do this with an active channel... that I can see. So I've built a query which uses the filter that contains the active list in question. I then use a query viewer to pull the information on demand. This will pull the data I require, but I'm wondering if there is a better way. So I thought I'd share my scenario with all of you in hopes that you may be able to enlighten me. Thank you in advance and Happy Holidays!
If your ESM is v4.0+, create a Trend whose query conditions reference your active list. Depending on how fluid your Active List is, you might have to have your Trend update hourly. Most of mine do that and I have quite a number of them. Set your retention to a couple of months or something and you are good to go. From a reporting standpoint, you can write a query that references this Trend and link your report to it. If you want to get really high speed, you can insert a conditional variable in this query, allowing you to populate a particular ID number at runtime.
Also, don't forget the 'GetActiveListValue' variable, it might be useful in this situation as well. It lets you evaluate field values against those in an active list. You can use it in rules to get hits on events in real time, or you can put it in a query to get hits from current list data in historical events.