I require help in setting up an Alarm Queue with the following filter:
Severity = Critical AND Annotation Not Available
AND
Service Name = Splunk OR Entity contains (###|###|###|###)
The only option that I can find to have an OR is when the same attribute is used, for instance Service, but creating an OR between different attributes is not possible.
Per current design it is not possible to combine those conditions. Alarms view is "AND" for different fields and "OR" in the same field. Complex filters will be expanded in the future.