Page Comparison

Enter a descriptive name for the post filter. It is recommended to give it a meaningful name that helps identifying its purpose.

This is where you specify the condition(s) that will activate the post filter.

Click Add to include a condition (you can add several). Then select a parameter in the first drop-down, an operator in the second, and write a value in the text field.

• The options that appear in the first drop-down are those registered in the alert extradata, which depend on the query and the alert triggering method (the eventdate will always be available).

• The options that appear in the second drop-down depend on the data type of the parameter selected (for example, the contains operator for text strings).

• The text value will be automatically filled in with the value registered in the extradata for the selected parameter, but you can change it as desired.

  • When eventdate is used in the first field, this field will show a date picker when clicking it, making it easier for you to select a date and time. This date will be shown in local time here and in all the menus it appears afterwards, such as those to manage existing post-filters.

Select the action you want to perform when the alert meets the criteria:

• Change status - Select one from the list of possible statuses (Watched, Unread, Closed, False positive, and Suppressed).
  Example: you can suppress alerts that do not contain a specific key value, reducing the noise and giving you the opportunity to revisit them after those caused by a key value are dealt with.

• Change priority - Select one from the list of possible priority levels (Very low, Low, Normal, High, Very high).
  Example: you can set alerts to High priority when a key value occurs (see more about priority here).

• Change notify method - Select a different delivery method for the alert. The options available in the dropdown are all existing delivery methods of the same any type as the original.
  Example: you can change the delivery method to warn someone else for a more synchronous one (such as slack) when an alert based on thresholds exceeds them by a critical amount.

• Delete - Do not distribute the alert and remove it from the alert history.
  Example: you can delete alerts triggered by a specific value that is known to be harmless.