Create Alert

You can create an alert to notify users when specific data appears in the logs. An alert is based on a query.

Request
URI
POST https://{api_host}//vrlic/api/v1/alert
Request Body
AlertDefinitionDto of type(s) application/json
Required
{
    "id": "17cdc484-ae7a-477d-8091-da0557234290",
    "name": "test_alert",
    "description": "Describe test_alert significance in details",
    "recommendations": "Recommendations for test_alert",
    "periodInMillis": 300000,
    "threshold": 0,
    "severityThreshold": {
        "CRITICAL": 5,
        "WARNING": 0,
        "INFO": 0,
        "IMMEDIATE": 0
    },
    "severityToNotificants": {
        "CRITICAL": {
            "emailRecipients": [
                "[email protected]"
            ],
            "notificationConfigs": [
                "1e21284e-c1d8-43f8-b95f-2ebaea801389"
            ],
            "sendToVrops": false
        }
    },
    "severityToSendToVrops": {
        "CRITICAL": false,
        "WARNING": false,
        "INFO": false,
        "IMMEDIATE": false
    },
    "operator": "GREATER_THAN",
    "contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
    "source": "USER_DEFINED",
    "alertType": "windowed",
    "cspOrgId": "ed52932c-1274-4495-b7f5-a647f3c0ec69",
    "query": {
        "queryId": "fdf871f3-c548-41fe-9d50-b592d7e44970",
        "name": "test_query",
        "contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
        "source": "USER_DEFINED",
        "description": "Query Logs based on contraints",
        "constraints": {
            "operator": "AND",
            "fieldName": null,
            "value": null,
            "constraints": [
                {
                    "operator": "AND",
                    "fieldName": null,
                    "value": null,
                    "constraints": [
                        {
                            "operator": "CONTAINS",
                            "fieldName": "text",
                            "value": "ankita",
                            "constraints": [],
                            "tags": []
                        }
                    ],
                    "tags": [
                        "log-intelligence:search-bar"
                    ]
                },
                {
                    "operator": "AND",
                    "fieldName": null,
                    "value": null,
                    "constraints": [
                        {
                            "operator": "CONTAINS",
                            "fieldName": "text",
                            "value": "error",
                            "constraints": [],
                            "tags": []
                        }
                    ],
                    "tags": []
                }
            ],
            "tags": []
        },
        "aggregationFunctions": [
            {
                "fieldName": null,
                "functionName": "COUNT"
            }
        ],
        "groupByTerms": [
            {
                "fieldName": "timestamp",
                "groupByType": "FIXED_BUCKET"
            }
        ],
        "relationFunctions": []
    },
    "enabled": true,
    "emailRecipients": [
        "[email protected]"
    ],
    "notificationConfigs": [
        "1e21284e-c1d8-43f8-b95f-2ebaea801389"
    ],
    "snoozeStartTimeInMillis": 1688975291792,
    "snoozeEndTimeInMillis": 1688975291789,
    "waitBetweenNotificationsInSeconds": 300,
    "alertMetadata": {
        "description": "Additional information about this alert",
        "key1": "value1",
        "key2": "value2"
    },
    "createdAt": 1680240792,
    "lastUpdatedAt": 1680250854,
    "entityTagAssociation": [
        {
            "tagId": "4c454315-e469-432b-a302-3e8eb0e10690",
            "tagName": "test_tag_1"
        },
        {
            "tagId": "7795d0ee-4d0b-496b-b48b-fc5b7c6f4e89",
            "tagName": "test_tag_2"
        }
    ],
    "notificationMetadata": {
        "isIncludeAllLogs": true,
        "customFields": [
            "environment",
            "lint-api",
            "time_taken_by_lint_api"
        ],
        "outputFormat": "TABLE"
    },
    "logRcaConfig": {
        "id": "733f07bb-6802-450c-9f4c-94623f9d2b90",
        "autoRcaEnabled": false,
        "timeWindowMin": 5,
        "minFilterThreshold": 0,
        "rankThreshold": 1,
        "mergeThreshold": 0.7,
        "createdAt": "2023-03-31T05:33:12.502112Z",
        "createdBy": "[email protected]",
        "lastUpdatedAt": "2023-03-31T05:33:12.502112Z",
        "lastUpdatedBy": "[email protected]"
    },
    "force": false
}
id (string, Optional): Alert ID

name (string, Required): Alert name

description (string, Optional): Alert description

recommendations (string, Optional): Alert recommendations for troubleshooting

periodInMillis (integer as int64, Required): Time period that indicates how frequently the alert should be evaluated (in milliseconds)

threshold (number as double, Optional): Minimum threshold for triggering the alert

severityThreshold (object, Required): Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) and threshold value

severityToNotificants (object, Optional): Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to list of notificants (email & webhook)

severityToSendToVrops (object, Optional): Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to boolean check for sending to vROps

operator (string, Required): Condition for triggering the alert. Possible values are: GREATER_THAN, LESS_THAN

contentPackId (string, Optional): ID of the content pack that the alert belongs to, if the alert is part of a content pack

source (string, Optional): Source of the alert

alertType (string, Required): Type of alert

cspOrgId (string, Optional): Unique ID associated with the org

query (Required): query

enabled (boolean, Optional): Indicates whether the alert is enabled or disabled

emailRecipients (array of string, Optional): Email recipients for the alert notifications

notificationConfigs (array of string, Optional): Notification configs associated with the alert

snoozeStartTimeInMillis (integer as int64, Optional): Start time for snoozing the alert (in milliseconds)

snoozeEndTimeInMillis (integer as int64, Optional): Time until which the alert is snoozed

waitBetweenNotificationsInSeconds (integer as int64, Optional): Wait time between consecutive notifications

alertMetadata (object, Optional): Additional information associated with the alert

entityTagAssociation (Optional): List of tags associated with this alert

notificationMetadata (Optional): notificationMetadata

logRcaConfig (Optional): logRcaConfig

force (boolean, Optional): Indicates that other objects in the system have referential dependencies on this query. Saving changes to this query may cause behavioral changes in other objects. Before saving this change, be sure there are no unintended consequences on the following objects, as the previous state of this query can't be retrieved. If you still want to save changes to this query, pass the parameter 'force' with the value 'true' when calling this API.
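
The following is an added example, not part of the original documentation: a Python pre-flight check for an AlertDefinitionDto before it is sent to this endpoint. It renders the nested query.constraints tree as a readable expression, so a reviewer can see what the alert matches, and checks the required fields and enum values listed above. The function names and the snooze-ordering rule are assumptions of this example.

```python
import json

SEVERITIES = {"CRITICAL", "IMMEDIATE", "WARNING", "INFO"}
OPERATORS = {"GREATER_THAN", "LESS_THAN"}  # values listed on this page
REQUIRED = ("name", "periodInMillis", "severityThreshold", "operator", "alertType", "query")

def render(node):
    """Flatten a nested constraints node into a readable boolean expression."""
    if node.get("fieldName") is not None:  # leaf: field OPERATOR "value"
        return f'{node["fieldName"]} {node["operator"]} {json.dumps(node["value"])}'
    parts = [p for p in map(render, node.get("constraints") or []) if p]
    if len(parts) <= 1:  # empty or single-child group needs no brackets
        return parts[0] if parts else ""
    return "(" + f' {node["operator"]} '.join(parts) + ")"

def check_alert(alert):
    """Return the problems found in an AlertDefinitionDto-shaped dict."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in alert]
    if "operator" in alert and alert["operator"] not in OPERATORS:
        problems.append(f"operator must be one of {sorted(OPERATORS)}")
    for field in ("severityThreshold", "severityToNotificants", "severityToSendToVrops"):
        unknown = set(alert.get(field) or {}) - SEVERITIES
        if unknown:
            problems.append(f"{field}: unknown severity {sorted(unknown)}")
    start, end = alert.get("snoozeStartTimeInMillis"), alert.get("snoozeEndTimeInMillis")
    # Assumption of this example: a snooze window must end after it starts.
    if start is not None and end is not None and end < start:
        problems.append("snooze window ends before it starts")
    return problems

def _group(value):  # helper for the constructed sample below
    return {"operator": "AND", "fieldName": None, "value": None, "constraints": [
        {"operator": "CONTAINS", "fieldName": "text", "value": value, "constraints": []}]}

# Constructed sample: a trimmed copy of the request body shown on this page.
SAMPLE = {
    "name": "test_alert", "periodInMillis": 300000, "operator": "GREATER_THAN",
    "alertType": "windowed", "severityThreshold": {"CRITICAL": 5},
    "snoozeStartTimeInMillis": 1688975291792, "snoozeEndTimeInMillis": 1688975291789,
    "query": {"constraints": {"operator": "AND", "fieldName": None, "value": None,
                              "constraints": [_group("ankita"), _group("error")]}},
}

if __name__ == "__main__":
    print(render(SAMPLE["query"]["constraints"]))
    print(check_alert(SAMPLE))
```

Run against the sample, the check reports the snooze window, because the sample's snoozeEndTimeInMillis is three milliseconds earlier than its snoozeStartTimeInMillis.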

Authentication
This operation uses the following authentication methods.
Responses
201 CREATED

Returns AlertDefinitionDto of type(s) */*
{
    "id": "17cdc484-ae7a-477d-8091-da0557234290",
    "name": "test_alert",
    "description": "Describe test_alert significance in details",
    "recommendations": "Recommendations for test_alert",
    "periodInMillis": 300000,
    "threshold": 0,
    "severityThreshold": {
        "CRITICAL": 5,
        "WARNING": 0,
        "INFO": 0,
        "IMMEDIATE": 0
    },
    "severityToNotificants": {
        "CRITICAL": {
            "emailRecipients": [
                "[email protected]"
            ],
            "notificationConfigs": [
                "1e21284e-c1d8-43f8-b95f-2ebaea801389"
            ],
            "sendToVrops": false
        }
    },
    "severityToSendToVrops": {
        "CRITICAL": false,
        "WARNING": false,
        "INFO": false,
        "IMMEDIATE": false
    },
    "operator": "GREATER_THAN",
    "contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
    "source": "USER_DEFINED",
    "alertType": "windowed",
    "cspOrgId": "ed52932c-1274-4495-b7f5-a647f3c0ec69",
    "query": {
        "queryId": "fdf871f3-c548-41fe-9d50-b592d7e44970",
        "name": "test_query",
        "contentPackId": "9e21284e-c1d8-43f8-b95f-2ebaea801389",
        "source": "USER_DEFINED",
        "description": "Query Logs based on contraints",
        "constraints": {
            "operator": "AND",
            "fieldName": null,
            "value": null,
            "constraints": [
                {
                    "operator": "AND",
                    "fieldName": null,
                    "value": null,
                    "constraints": [
                        {
                            "operator": "CONTAINS",
                            "fieldName": "text",
                            "value": "ankita",
                            "constraints": [],
                            "tags": []
                        }
                    ],
                    "tags": [
                        "log-intelligence:search-bar"
                    ]
                },
                {
                    "operator": "AND",
                    "fieldName": null,
                    "value": null,
                    "constraints": [
                        {
                            "operator": "CONTAINS",
                            "fieldName": "text",
                            "value": "error",
                            "constraints": [],
                            "tags": []
                        }
                    ],
                    "tags": []
                }
            ],
            "tags": []
        },
        "aggregationFunctions": [
            {
                "fieldName": null,
                "functionName": "COUNT"
            }
        ],
        "groupByTerms": [
            {
                "fieldName": "timestamp",
                "groupByType": "FIXED_BUCKET"
            }
        ],
        "relationFunctions": []
    },
    "enabled": true,
    "emailRecipients": [
        "[email protected]"
    ],
    "notificationConfigs": [
        "1e21284e-c1d8-43f8-b95f-2ebaea801389"
    ],
    "snoozeStartTimeInMillis": 1688975291792,
    "snoozeEndTimeInMillis": 1688975291789,
    "waitBetweenNotificationsInSeconds": 300,
    "alertMetadata": {
        "description": "Additional information about this alert",
        "key1": "value1",
        "key2": "value2"
    },
    "createdAt": 1680240792,
    "lastUpdatedAt": 1680250854,
    "entityTagAssociation": [
        {
            "tagId": "4c454315-e469-432b-a302-3e8eb0e10690",
            "tagName": "test_tag_1"
        },
        {
            "tagId": "7795d0ee-4d0b-496b-b48b-fc5b7c6f4e89",
            "tagName": "test_tag_2"
        }
    ],
    "notificationMetadata": {
        "isIncludeAllLogs": true,
        "customFields": [
            "environment",
            "lint-api",
            "time_taken_by_lint_api"
        ],
        "outputFormat": "TABLE"
    },
    "logRcaConfig": {
        "id": "733f07bb-6802-450c-9f4c-94623f9d2b90",
        "autoRcaEnabled": false,
        "timeWindowMin": 5,
        "minFilterThreshold": 0,
        "rankThreshold": 1,
        "mergeThreshold": 0.7,
        "createdAt": "2023-03-31T05:33:12.502112Z",
        "createdBy": "[email protected]",
        "lastUpdatedAt": "2023-03-31T05:33:12.502112Z",
        "lastUpdatedBy": "[email protected]"
    },
    "force": false
}
id (string, Optional): Alert ID

name (string, Required): Alert name

description (string, Optional): Alert description

recommendations (string, Optional): Alert recommendations for troubleshooting

periodInMillis (integer as int64, Required): Time period that indicates how frequently the alert should be evaluated (in milliseconds)

threshold (number as double, Optional): Minimum threshold for triggering the alert

severityThreshold (object, Required): Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) and threshold value

severityToNotificants (object, Optional): Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to list of notificants (email & webhook)

severityToSendToVrops (object, Optional): Map of severity (CRITICAL, IMMEDIATE, WARNING, INFO) to boolean check for sending to vROps

operator (string, Required): Condition for triggering the alert. Possible values are: GREATER_THAN, LESS_THAN

contentPackId (string, Optional): ID of the content pack that the alert belongs to, if the alert is part of a content pack

source (string, Optional): Source of the alert

alertType (string, Required): Type of alert

cspOrgId (string, Optional): Unique ID associated with the org

query (Required): query

enabled (boolean, Optional): Indicates whether the alert is enabled or disabled

emailRecipients (array of string, Optional): Email recipients for the alert notifications

notificationConfigs (array of string, Optional): Notification configs associated with the alert

snoozeStartTimeInMillis (integer as int64, Optional): Start time for snoozing the alert (in milliseconds)

snoozeEndTimeInMillis (integer as int64, Optional): Time until which the alert is snoozed

waitBetweenNotificationsInSeconds (integer as int64, Optional): Wait time between consecutive notifications

alertMetadata (object, Optional): Additional information associated with the alert

entityTagAssociation (Optional): List of tags associated with this alert

notificationMetadata (Optional): notificationMetadata

logRcaConfig (Optional): logRcaConfig

force (boolean, Optional): Indicates that other objects in the system have referential dependencies on this query. Saving changes to this query may cause behavioral changes in other objects. Before saving this change, be sure there are no unintended consequences on the following objects, as the previous state of this query can't be retrieved. If you still want to save changes to this query, pass the parameter 'force' with the value 'true' when calling this API.