Page Comparison

Alert Type

The alert type (more information about the alert types can be found in the the Alerts page)

Description

Free text, describes the results returned by the alert's query

Press the "Details" button to view the alert query itself

Index Sets

(Hidden by default) Which OpenSearch index sets will be queried

Document Types

(Hidden by default) Which OpenSearch document types will be queried

Query (JSON)

(Hidden by default) An OpenSearch query (see Query DSL and Aggregations for more information on how to build a query).
A search query, or query, is a request for information about data in OpenSearch indices.
Frequency and Flatline alert types are always based on aggregation whereas Any and List are based on hits. See DPOD Store for more detailed information about the field names.
By default, searches containing an aggregation return both search hits and aggregation results. To return only aggregation results, so that the query will be more efficient (performance wise), set size to 0.
A meaningful name should be given to the aggregation names since they are used as the subject name of the alert.
A System Health Metric alert should always be based on a search query containing an aggregation with the name “Device”. (See ‘Alert on Devices CPU over 80%’ as an example for adding a new metric)

Parameters (JSON)

(Hidden by default) Named parameters to replace placeholders in the query. i.e:

Investigate URI

An investigate link, included in the alert results, and displays the data that triggered each alert in DPOD Web Console.
To compose a URI, one should open the relevant dashboard that displays the data for a particular alert, enter the filters the alert uses, and copy the URI from after the #.
The values should be replaced with one of the following placeHolders:
${result:Aggs or source field name} , ${parameter:Parameter name} or ${threshold}.
For example:
apicTransactions:-apicApiNameOp:eq-apicApiName:${result:API}-errorMessageOp:eq-errorMessage:${parameter:messageTextSubstring}

Aggs to Ignore

Delimited list of aggregation names to ignore in results.

Query Period

The time frame for the alert's query

Operator

Operator for the alert's query
Alert Type Frequency supports: Equals / Not Equals / Greater Than / Greater Than Or Equals / Less Than / Less Than Or Equals
Alert Type Flatline supports: Equals / Not Equals / Greater Than / Greater Than Or Equals / Less Than / Less Than Or Equals
Alert Type Flatline supports: In / Not In
Alert Type Any - The condition will be met if any results are returned for the query and therefore no operator needed.

Threshold

The value to compare the query's result to (not applicable for alert types "any" and "list")

Field Name

Only applicable for alert type "List" and "Frequency"

Value List

Only applicable for alert type "List" - the list of values delimited by the delimiter specified in the "delimiter" field

Final results list

Only applicable for alert type "Frequency" - the list of values always returned in results, delimited by the delimiter specified in the "delimiter" field

List Delimiter

The delimiter used to delimit the value list and the final result list