Section 3.2.2.3, “Filtering for specific traffic” describes the basic use of filters. To use a filter, the an expression is entered into the filter bar, which specifies what to filter on. The filter expression is actually interpreted in JavaScript, which allows the full power of JavaScript to be used to create a filter. The expression can take the form of a series of JavaScript statements, eg

statement-1;
statement-2;
...
statement-n
            

Each of these statements is evaluated for each network traffic datapoint found. The result used by the filter is the result of the final statement, statement-n, which must be a boolean. If the result is true, then the datapoint is passed by the filter, and added to the chart. If the result is false, then that datapoint is discarded. If the final expression is not a boolean, then an error is indicated. Note that the statements prior to the final one may have side effects, that affect the result of the final statement.

The terms that can be referenced from the filter are listed in Section 9.2, “Terms available for use in filters”. Any valid JavaScript boolean operator or function can be used to evaluate a term. Of particular note are regular expressions. These allow terms that are strings to be matched against patters, rather than just values. For example, to find all traffic on a specific interface sourced by a host in the 10.0.0.0/24 subnet, you can use the filter:

srcIPAddr.search("10.0.0.*") >= 0
            

This works using the JavaScript search method, which can be applied to any string. If the string matches the regular expression given as an argument to search. then it will return the character position of the match, otherwise it returns -1 (hence the test for >= 0). Of course, much more complex expressions can be created as required.

The include statement, as described in Section 9.4, “Integrating sFlowTrend-Pro with other applications”, is also available for use in filters.