...
| Field | Description |
|---|---|
| Name | Enter a descriptive name for the post filter. It is recommended to give it a meaningful name that helps identify its purpose. |
| Extra Data | This is where you specify the condition(s) that will activate the post filter. Click Add to include a condition (you can add several). Then select a parameter in the first drop-down, an operator in the second, and write a value in the text field. The options that appear in the first drop-down are those registered in the alert extradata, which depend on the query and the alert triggering method (the eventdate will always be available). The options that appear in the second drop-down depend on the data type of the selected parameter (for example, the contains operator for text strings). The text value is automatically filled in with the value registered in the extradata for the selected parameter, but you can change it as desired. When eventdate is used in the first field, the value field shows a date picker when you click it, making it easier to select a date and time. This date is shown in local time here and in all the menus where it appears afterwards, such as those used to manage existing post filters. |
| Action | Select the action you want to perform when the alert meets the criteria. Change status - Select one from the list of possible statuses (Watched, Unread, Closed, False positive, and Suppressed). Example: you can suppress alerts that do not contain a specific key value, reducing the noise and giving you the opportunity to revisit them after those caused by a key value are dealt with. Change priority - Select one from the list of possible priority levels (Very low, Low, Normal, High, Very high). Example: you can set alerts to High priority when a key value occurs (see more about priority here). Change notify method - Select a different delivery method for the alert. This will suppress the assigned sending policy and notify the alert through the selected method immediately after being triggered. The options available in the drop-down are all existing delivery methods of any type. Example: you can change the delivery method to a more synchronous one (such as Slack) when an alert's threshold is exceeded by a critical amount. Delete - Do not distribute the alert and remove it from the alert history. Example: you can delete alerts triggered by a specific value that is known to be harmless. |
...
Click the ellipsis menu that appears at the end of the row and select:
Stop: when the filter is active, the menu shows this option to deactivate it.
Delete: this option removes the filter permanently.
...