Custom Query For Alert Conditions #3966

Closed
jalogisch opened this Issue Jul 3, 2017 · 1 comment

jalogisch commented Jul 3, 2017

Expected Behavior

Be able to configure the Query for an alert condition.

Current Behavior

The Query for an alert condition is * on a stream.

Possible Solution

Add one additional field to the alert condition so that the experienced user is able to make a more specific search on a stream for the alert condition.

Context

This way it is not needed to create lots of streams just to be able to alert on a certain type of message by adjusting the query that is done.

Mattia98 commented Mar 30, 2018

I think it is critical that this feature is implemented. I have composed a query that shows me some specific error that I want to get an alert for. The only thing I can do right now is put the query count to a dashboard and monitor it, or have the search window in refresh mode open all the time. But I also need to know about possible matches when I am not in front of a monitor, hence I need to create an alert for a query. I couldn't believe that this wasn't a feature yet. Or is there another way you are supposed to create alerts for a specific error?

bernd added a commit that referenced this issue Oct 15, 2018

Make search query in alert conditions configurable in the UI

This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966

bernd added a commit that referenced this issue Oct 16, 2018

bernd added a commit that referenced this issue Oct 18, 2018

bernd added a commit that referenced this issue Oct 29, 2018

bernd added a commit that referenced this issue Nov 6, 2018

edmundoa added a commit that referenced this issue Nov 7, 2018

Make search query in alert conditions configurable in the UI (#5212)

* Make search query in alert conditions configurable in the UI

This exposes a new query config field in the alert condition
configuration. The value defaults to "*".

The query is used to build a filter string for the alert condition
search. We add the query string to the query filter for performance
reasons.

Fixes #3966

* Trim streamId and query strings

* Use query config in field content value condition as well

* Add HTTP API endpoints to test alert conditions

There are two test endpoints, one to test existing alert conditions and
one to test new alert conditions which have not been stored in the
database yet.

* Add missing NoAuditEvent annotations to test resources

* Fix failing test because of missing stream id

* Use AND operator and parentheses to combine streams and custom query

Otherwise the generated query will be wrong.
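
The combination this commit message describes (trimmed stream id and query, a default of "*", and AND plus parentheses around the custom query), sketched in Python as an added example. It is not code from the project; the function names, dropping the clause when the query is "*", and the balance check are assumptions of this example.

```python
# Added illustration; build_query_filter and its rules are hypothetical,
# not the project's implementation.

def _is_balanced(query: str) -> bool:
    """True if parentheses outside double-quoted phrases are balanced."""
    depth = 0
    in_quotes = False
    escaped = False
    for ch in query:
        if escaped:                 # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes and ch == "(":
            depth += 1
        elif not in_quotes and ch == ")":
            depth -= 1
            if depth < 0:           # closes a group that was never opened
                return False
    return depth == 0 and not in_quotes and not escaped


def build_query_filter(stream_id: str, query: str = "*") -> str:
    """Combine the stream restriction with a custom query string."""
    stream_id = (stream_id or "").strip()
    if not stream_id:
        raise ValueError("stream id must not be empty")
    query = (query or "").strip()
    if query in ("", "*"):          # assumption: "*" adds no extra clause
        return f"streams:{stream_id}"
    if not _is_balanced(query):
        raise ValueError("unbalanced parentheses or quotes in query")
    # Parentheses keep the whole custom query as a single operand of AND,
    # so an OR inside it cannot detach from the stream restriction.
    return f"streams:{stream_id} AND ({query})"
```

The balance check matters because the wrapping parentheses only group the custom query if the query cannot close that group itself.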

edmundoa added a commit that referenced this issue Nov 7, 2018

Make search query in alert conditions configurable in the UI (#5212)

(cherry picked from commit 0533cfd)

bernd added a commit that referenced this issue Nov 8, 2018

Make search query in alert conditions configurable in the UI (#5212) (#5277)

(cherry picked from commit 0533cfd)