Each alert type
- Juan Tomás Alonso Nieto (Unlicensed)
- Borja Moro Moreno
- Sarah Bigault (Deactivated)
Overview
The each method triggers an alert for each event that arrives to your query.
The threshold for this kind of alert is defined by the filters you have applied in the query. So, each time an event is written on the data table and meets the conditions of your query, an alert will be triggered.
This type of alert could be useful when monitoring key data and every single event needs to be considered individually.
What data do I need to create this alert?
To create an alert using this triggering method, you can apply filters and create new columns in your query as well as group and aggregate data. No matter what operations you perform, this type of alert will be always available.
Configuring the alert
After selecting this type of alert, you don't have to select any other setting. The alert will be triggered every time an event is received with the characteristics specified in the active query.
Using column values in Summary and Description
The $columnName command used to display column values in the Summary and Description fields can be employed with any column present in the query, such as $eventdate.
Take into account that if your query groups events, this will only work with those columns used as grouping keys.
| $eventdate | You can use this column to display the moment in time at which the events that triggered the alert were received. |
Query example
In the demo.ecommerce.data table, imagine that you want to receive an alert each time there's an event that comes from a private IP address.
First of all, you need to filter the query data using the Is Private IPv4 (isprivate) operation. Then, you need to open the alert definition window and select an each type alert.
To save time, you can copy the following query to reproduce the aforementioned example from the demo.ecommerce.data sample table and create an each type alert.
from demo.ecommerce.data where isprivate(clientIpAddress)
Related Articles: