Supported operators
Operators currently supported for custom audit filters are numeric, boolean, and string.
| Numeric operations | Boolean operations | String operations |
|---|---|---|
|
“<”: less than “>”: greater than “<= : less than or equal to “>=: greater than or equal to |
“==”: equals to “!=”: not equals to |
“startsWith”: starts with “endsWith”: ends with “contains”: contains (case-sensitive) “notContains”: does not contain (case-sensitive) “isNull”: is null “notNull”: is not null “containsIgnoreCase”: contains (case-insensitive) “notContainsIgnoreCase”: does not contain (case-insensitive) |
A typical rule is defined in the following manner:
{
"desc": "Discard all hive_table audits with name containing test",
"action": "DISCARD",
"ruleName": "test_rule_1",
"ruleExpr": {
"ruleExprObjList": [
{
"typeName": "hive_table",
"attributeName": "name",
"operator": "contains",
"attributeValue": "test"
}
]
}
}
