Create Alert
You can create an alert to notify users when specific data appears in the logs. An alert is based on a query.
{
"id": "17cdc484-ae7a-477d-8091-da0557234290",
"name": "test_alert",
"description": "Describe test_alert significance in details",
"recommendations": "Recommendations for test_alert",
"periodInMillis": 300000,
"threshold": 0,
"severityThreshold": {
"CRITICAL": 5,
"WARNING": 0,
"INFO": 0,
"IMMEDIATE": 0
},
"severityToNotificants": {
"CRITICAL": {
"emailRecipients": [
"[email protected]"
],
"notificationConfigs": [
"1e21284e-c1d8-43f8-b95f-2ebaea801389"
],
"sendToVrops": false
}
},
"severityToSendToVrops": {
"CRITICAL": false,
"WARNING": false,
"INFO": false,
"IMMEDIATE": false
},
"operator": "GREATER_THAN",
"contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
"source": "USER_DEFINED",
"alertType": "windowed",
"cspOrgId": "ed52932c-1274-4495-b7f5-a647f3c0ec69",
"query": {
"queryId": "fdf871f3-c548-41fe-9d50-b592d7e44970",
"name": "test_query",
"contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
"source": "USER_DEFINED",
"description": "Query Logs based on contraints",
"constraints": {
"operator": "AND",
"fieldName": null,
"value": null,
"constraints": [
{
"operator": "AND",
"fieldName": null,
"value": null,
"constraints": [
{
"operator": "CONTAINS",
"fieldName": "text",
"value": "ankita",
"constraints": [],
"tags": []
}
],
"tags": [
"log-intelligence:search-bar"
]
},
{
"operator": "AND",
"fieldName": null,
"value": null,
"constraints": [
{
"operator": "CONTAINS",
"fieldName": "text",
"value": "error",
"constraints": [],
"tags": []
}
],
"tags": []
}
],
"tags": []
},
"aggregationFunctions": [
{
"fieldName": null,
"functionName": "COUNT"
}
],
"groupByTerms": [
{
"fieldName": "timestamp",
"groupByType": "FIXED_BUCKET"
}
],
"relationFunctions": []
},
"enabled": true,
"emailRecipients": [
"[email protected]"
],
"notificationConfigs": [
"1e21284e-c1d8-43f8-b95f-2ebaea801389"
],
"snoozeStartTimeInMillis": 1688975291792,
"snoozeEndTimeInMillis": 1688975291789,
"waitBetweenNotificationsInSeconds": 300,
"alertMetadata": {
"description": "Additional information about this alert",
"key1": "value1",
"key2": "value2"
},
"createdAt": 1680240792,
"lastUpdatedAt": 1680250854,
"entityTagAssociation": [
{
"tagId": "4c454315-e469-432b-a302-3e8eb0e10690",
"tagName": "test_tag_1"
},
{
"tagId": "7795d0ee-4d0b-496b-b48b-fc5b7c6f4e89",
"tagName": "test_tag_2"
}
],
"notificationMetadata": {
"isIncludeAllLogs": true,
"customFields": [
"environment",
"lint-api",
"time_taken_by_lint_api"
],
"outputFormat": "TABLE"
},
"logRcaConfig": {
"id": "733f07bb-6802-450c-9f4c-94623f9d2b90",
"autoRcaEnabled": false,
"timeWindowMin": 5,
"minFilterThreshold": 0,
"rankThreshold": 1,
"mergeThreshold": 0.7,
"createdAt": "2023-03-31T05:33:12.502112Z",
"createdBy": "[email protected]",
"lastUpdatedAt": "2023-03-31T05:33:12.502112Z",
"lastUpdatedBy": "[email protected]"
},
"force": false
}
id: Alert ID
name: Alert name
description: Alert description
recommendations: Alert recommendations for troubleshooting
periodInMillis: Time period that indicates how frequently the alert should be evaluated (in milliseconds)
threshold: Minimum threshold for triggering the alert
severityThreshold: Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to threshold value
severityToNotificants: Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to list of notificants (email and webhook)
severityToSendToVrops: Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to a boolean that controls sending to vROps
operator: Condition for triggering the alert
contentPackId: ID of the content pack that the alert belongs to, if the alert is part of a content pack
source: Source of the alert
alertType: Type of alert
cspOrgId: Unique ID associated with the org
enabled: Indicates whether the alert is enabled or disabled
emailRecipients: Email recipients for the alert notifications
notificationConfigs: Notification configs associated with the alert
snoozeStartTimeInMillis: Start time for snoozing the alert (in milliseconds)
snoozeEndTimeInMillis: End time for snoozing the alert (in milliseconds)
waitBetweenNotificationsInSeconds: Wait time between consecutive notifications (in seconds)
alertMetadata: Additional information associated with the alert
entityTagAssociation: List of tags associated with this alert
force: Indicates that other objects in the system have referential dependencies on this query. Saving changes to this query may cause behavioral changes in those objects. Before saving, be sure there are no unintended consequences for the dependent objects, as the previous state of this query cannot be retrieved. If you still want to save the changes, pass the parameter 'force' with the value 'true' when calling this API.
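To make the request above concrete, here is an added example (not the product's own alerting engine) that evaluates an alert shaped like the sample against constructed log lines: it walks the nested constraint tree, counts matches in fixed buckets of periodInMillis, chooses the severity from severityThreshold with the GREATER_THAN operator, and checks the snooze window. It assumes the severity ranking CRITICAL > IMMEDIATE > WARNING > INFO (the page lists the severities but does not rank them) and that log records expose the "text" field the constraints refer to.

```python
ALERT = {  # trimmed copy of the page's sample request; only the fields used here
    "periodInMillis": 300000, "threshold": 0, "operator": "GREATER_THAN",
    "severityThreshold": {"CRITICAL": 5, "WARNING": 0, "INFO": 0, "IMMEDIATE": 0},
    "snoozeStartTimeInMillis": 1688975291792, "snoozeEndTimeInMillis": 1688975291789,
    "query": {"constraints": {"operator": "AND", "constraints": [
        {"operator": "AND", "constraints": [
            {"operator": "CONTAINS", "fieldName": "text", "value": "ankita"}]},
        {"operator": "AND", "constraints": [
            {"operator": "CONTAINS", "fieldName": "text", "value": "error"}]}]}},
}
# Constructed sample logs (not from the page): (timestamp in ms, text)
LOGS = [(1688975100000 + i * 1000, "ankita: error %d" % i) for i in range(6)] + [
    (1688975107000, "ankita: ok"), (1688975108000, "bob: error"),
    (1688975500000, "ankita: error in the next window")]
# Assumed ranking, highest first; the page lists the severities but does not rank them.
RANK = ["CRITICAL", "IMMEDIATE", "WARNING", "INFO"]
OPS = {"GREATER_THAN": lambda value, limit: value > limit}  # the only operator on the page

def matches(constraint, log):
    """Walk the nested constraint tree; leaves are CONTAINS checks on one field."""
    op = constraint["operator"]
    if op == "CONTAINS":
        return constraint["value"] in log.get(constraint["fieldName"], "")
    if op == "AND":
        return all(matches(c, log) for c in constraint.get("constraints", []))
    raise ValueError("unsupported operator " + op)

def count_per_bucket(alert, logs):
    """COUNT of matching logs, grouped by FIXED_BUCKET of periodInMillis on timestamp."""
    period, root = alert["periodInMillis"], alert["query"]["constraints"]
    counts = {}
    for ts, text in logs:
        if matches(root, {"text": text}):
            counts[ts // period] = counts.get(ts // period, 0) + 1
    return counts

def severity(alert, count):
    """Highest-ranked severity whose threshold the count satisfies; None if it does not fire."""
    cmp, thr = OPS[alert["operator"]], alert["severityThreshold"]
    if not cmp(count, alert["threshold"]):
        return None
    met = [s for s in RANK if s in thr and cmp(count, thr[s])]
    return met[0] if met else None

def snoozed(alert, now_ms):
    """True while now_ms lies inside the snooze window; rejects a malformed window."""
    start, end = alert["snoozeStartTimeInMillis"], alert["snoozeEndTimeInMillis"]
    if end < start:
        raise ValueError("snoozeEndTimeInMillis precedes snoozeStartTimeInMillis")
    return start <= now_ms <= end
```

Note that in the page's sample the snoozeEndTimeInMillis value precedes snoozeStartTimeInMillis, which the window check above rejects.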
CREATED
{
"id": "17cdc484-ae7a-477d-8091-da0557234290",
"name": "test_alert",
"description": "Describe test_alert significance in details",
"recommendations": "Recommendations for test_alert",
"periodInMillis": 300000,
"threshold": 0,
"severityThreshold": {
"CRITICAL": 5,
"WARNING": 0,
"INFO": 0,
"IMMEDIATE": 0
},
"severityToNotificants": {
"CRITICAL": {
"emailRecipients": [
"[email protected]"
],
"notificationConfigs": [
"1e21284e-c1d8-43f8-b95f-2ebaea801389"
],
"sendToVrops": false
}
},
"severityToSendToVrops": {
"CRITICAL": false,
"WARNING": false,
"INFO": false,
"IMMEDIATE": false
},
"operator": "GREATER_THAN",
"contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
"source": "USER_DEFINED",
"alertType": "windowed",
"cspOrgId": "ed52932c-1274-4495-b7f5-a647f3c0ec69",
"query": {
"queryId": "fdf871f3-c548-41fe-9d50-b592d7e44970",
"name": "test_query",
"contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
"source": "USER_DEFINED",
"description": "Query Logs based on contraints",
"constraints": {
"operator": "AND",
"fieldName": null,
"value": null,
"constraints": [
{
"operator": "AND",
"fieldName": null,
"value": null,
"constraints": [
{
"operator": "CONTAINS",
"fieldName": "text",
"value": "ankita",
"constraints": [],
"tags": []
}
],
"tags": [
"log-intelligence:search-bar"
]
},
{
"operator": "AND",
"fieldName": null,
"value": null,
"constraints": [
{
"operator": "CONTAINS",
"fieldName": "text",
"value": "error",
"constraints": [],
"tags": []
}
],
"tags": []
}
],
"tags": []
},
"aggregationFunctions": [
{
"fieldName": null,
"functionName": "COUNT"
}
],
"groupByTerms": [
{
"fieldName": "timestamp",
"groupByType": "FIXED_BUCKET"
}
],
"relationFunctions": []
},
"enabled": true,
"emailRecipients": [
"[email protected]"
],
"notificationConfigs": [
"1e21284e-c1d8-43f8-b95f-2ebaea801389"
],
"snoozeStartTimeInMillis": 1688975291792,
"snoozeEndTimeInMillis": 1688975291789,
"waitBetweenNotificationsInSeconds": 300,
"alertMetadata": {
"description": "Additional information about this alert",
"key1": "value1",
"key2": "value2"
},
"createdAt": 1680240792,
"lastUpdatedAt": 1680250854,
"entityTagAssociation": [
{
"tagId": "4c454315-e469-432b-a302-3e8eb0e10690",
"tagName": "test_tag_1"
},
{
"tagId": "7795d0ee-4d0b-496b-b48b-fc5b7c6f4e89",
"tagName": "test_tag_2"
}
],
"notificationMetadata": {
"isIncludeAllLogs": true,
"customFields": [
"environment",
"lint-api",
"time_taken_by_lint_api"
],
"outputFormat": "TABLE"
},
"logRcaConfig": {
"id": "733f07bb-6802-450c-9f4c-94623f9d2b90",
"autoRcaEnabled": false,
"timeWindowMin": 5,
"minFilterThreshold": 0,
"rankThreshold": 1,
"mergeThreshold": 0.7,
"createdAt": "2023-03-31T05:33:12.502112Z",
"createdBy": "[email protected]",
"lastUpdatedAt": "2023-03-31T05:33:12.502112Z",
"lastUpdatedBy": "[email protected]"
},
"force": false
}