Each alert type
Overview
The Each method triggers an alert for every event that reaches your query.
The threshold for this kind of alert is defined by the filters you have applied in the query. Each time an event is written to the data table and meets the conditions of your query, an alert is triggered.
This type of alert could be useful when monitoring key data and every single event needs to be considered individually.
Each-type alerts with subqueries
The Devo Alerting API allows users to define each-type alerts using source queries that contain subqueries.
This cannot be done through the Devo app interface. However, alerts with subqueries defined through the Alerting API will appear in Administration → Alert Configuration, where you can open them and see their details, but you can only edit them using the Alerting API.
Learn more in Working with alert definitions
What data do I need to create this alert?
To create an alert using this triggering method, you can apply filters and create new columns in your query, as well as group and aggregate data. No matter what operations you perform, this type of alert will always be available.
Configuring the alert
After selecting this type of alert, you don't have to select any other setting. The alert will be triggered every time an event is received with the characteristics specified in the active query.
Using column values in Summary and Description
You can use the $columnName command to display the column values of the event that triggered the alert in the Summary and Description fields. This command can be used with the name of any column present in the query result.
In the following query, you could use:
from demo.ecommerce.data
where statusCode = 404,
bytesTransferred >= 4000
$eventdate | $uri | $referralUri |
Take into account that if your query groups events, this command will only work with the names of those columns resulting from the grouping operation. Using a different one will not activate the command and will be interpreted as plain text.
In the following query, you could use:
Â
from demo.ecommerce.data
where statusCode = 404,
bytesTransferred >= 4000
group every 5m by method, timeTaken
$eventdate |
Query example
In the demo.ecommerce.data table, imagine that you want to receive an alert each time there's an event that comes from a private IP address.
First of all, you need to filter the query data using the Is Private IPv4 (isprivate) operation. Then, you need to open the alert definition window and select an each-type alert.
To save time, you can copy the following query to reproduce the aforementioned example from the demo.ecommerce.data sample table and create an each-type alert.
from demo.ecommerce.data
where isprivate(clientIpAddress)
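The following Python model is an added example, not Devo code: it reproduces what the private-IP query and an each-type alert do together, one alert per matching event, with $columnName values filled into the Summary and unknown names left as plain text. It assumes that isprivate matches the RFC 1918 ranges; the sample events, the function names and the $notAColumn placeholder are constructed for illustration.

```python
import ipaddress
import re

# Assumption: "private" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events using column names from demo.ecommerce.data.
EVENTS = [
    {"eventdate": "2024-05-01 10:00:01", "clientIpAddress": "10.2.3.4", "uri": "/cart"},
    {"eventdate": "2024-05-01 10:00:02", "clientIpAddress": "93.184.216.34", "uri": "/home"},
    {"eventdate": "2024-05-01 10:00:03", "clientIpAddress": "192.168.1.20", "uri": "/login"},
    # 172.32.0.1 sits just outside 172.16.0.0/12, so it must not alert.
    {"eventdate": "2024-05-01 10:00:04", "clientIpAddress": "172.32.0.1", "uri": "/home"},
]

def is_private_ipv4(value):
    """Local stand-in for the isprivate filter: True for RFC 1918 addresses."""
    try:
        addr = ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return False  # a malformed value never matches the filter
    return any(addr in net for net in RFC1918)

def render(template, row):
    """Replace $columnName with the row's value; unknown names stay as plain text."""
    def sub(match):
        name = match.group(1)
        return str(row[name]) if name in row else match.group(0)
    return re.sub(r"\$([A-Za-z_][A-Za-z0-9_]*)", sub, template)

def each_alerts(events, predicate, summary):
    """Each-type semantics: one alert per event that passes the query filter."""
    return [render(summary, e) for e in events if predicate(e)]

def private_ip_alerts():
    # $notAColumn is not a column of the query result, so it is left untouched.
    return each_alerts(
        EVENTS,
        lambda e: is_private_ipv4(e["clientIpAddress"]),
        "$eventdate | $clientIpAddress | $uri | $notAColumn",
    )

if __name__ == "__main__":
    for line in private_ip_alerts():
        print(line)
```

Two of the four constructed events produce an alert, so alert volume tracks matching event volume one to one.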