i'm trying complex alerts out where i look for nodes that are in production and the last boot time has changed for the primary section and for my secondary section i want to exclude groups that i'm okay with if a node last boot has changed. for example i have equipment at my company that will turn off at night and then back on in the am (switch, camera, etc.) but i have other network devices, servers that i want to alert on (thus the groups). however i'm still picking up devices that have been rebooted but are in the group name that should have been exluded. has anyone seen this before or is there other logic i'm missing that the group has to be the primary vs the node?
example device is SC010 XC216 which is a Siemens device part of the below groups which should have been excluded since the word "Strad" is in the group name. i've also tried "and" for the secondary as well.