Manage Alert Filtering

Alert filtering allows you to prevent low-relevancy alerts from being correlated into incidents.

Alert Filtering helps you stop duplicate, low-relevancy events from being correlated into incidents. Stopping alert noise before it reaches the incident feed allows you to focus on the most important incidents and spend your time and effort on the most critical issues.

Alert Filtering affects alerts after they have been normalized and enriched. The added context of the enrichment process allows you to filter events based on alert metadata and enrichment tags.

Key Features

  • Hide alerts that require no operator action, such as alerts generated during application decommissioning or testing, self-resolving alerts, and more.
  • Preview filtering logic to see which alerts will be removed.
  • Adjust conditions on the fly to match changing situations.
  • View configured rules to troubleshoot filtered alerts.

Alerts currently cannot be filtered by the description field.

BigPanda timestamps are saved and processed in seconds. If a maintenance schedule is sent with a timestamp in milliseconds, it will result in a scheduled time in the distant future.

Relevant Permissions

Roles with the following permissions are granted varying levels of access to Alert Filtering:

Permission            Description
plans_read            Read-only access
plans_full_access     Full access

Create Alert Filters

To add a new alert filter:

  1. Within BigPanda, navigate to Settings > Alert Filtering.
  2. Click New Filter.
  3. Populate the following fields. As you fill them in, a preview of the alerts that will be filtered out appears in the right pane of the screen:
          - Filter Name
          - BPQL Condition (25,000 characters max)
          - (Optional) Add Description
  4. (Optional) Click Create as Inactive to deactivate the alert filter upon creation.
  5. Click Create Filter to save.

Plan Limit

Each organization can only have 3,500 alert filters at a time.

Condition Limitations

Filter conditions cannot be longer than 25,000 characters.

All alert tags in filter conditions must be listed in lowercase, regardless of the tag's system case.

OK Status

By default, alert filters ignore events that have an ok status. These events will still enter the system and resolve any related open alerts.

This setting can be changed for an individual alert filter using the Plans V1 API.

View Alert Filters

Alert filters are managed in BigPanda at Settings > Alert Filtering.

Click any alert filter in the list to view details in the right pane.

Alert Filter Details

Sort and Filter Alert Filters

To sort the list of alert filters, click the Sort icon. From the menu, choose to sort either by last Updated or Created date.

The alert filters list can be filtered by Status. To filter the list, click Status and from the menu, select Active or Inactive.

Manage Alert Filters

Once created, you can edit, duplicate, delete, or activate/deactivate alert filters from within the Alert Filtering pane.

To manage alert filters:

  1. Navigate to Settings > Alert Filters. A list of existing alert filters appears.
  2. Select the alert filter you wish to edit, activate/deactivate, or delete.
  3. Use any of the following options to modify the alert filter:

Option                    Description
Edit                      a. Click the Pencil icon.
                          b. Make desired changes to the alert filter.
                          c. Click Update Filter.
Duplicate                 a. Click the Duplicate Alert Filter icon.
                          b. Adjust the alert filter as necessary to fit the new properties.
                          c. Click Create Filter to save.
Delete                    a. Click the Trash icon.
                          b. Click Delete to confirm, or Cancel to return to the previous page.
Activate or Deactivate    Use the toggle button to activate or deactivate the filter.

Alert Filtering Schedules

By default, alert filters are not time-sensitive. Filters will apply to all matching alerts until deactivated.

An optional time window can be added to alert filters using the Schedules and Plans v1 APIs.

To add a schedule to an existing alert filter:

  1. Select the filter. Note the filter ID from the URL (24-digit code).
  2. Create a schedule using an API call. Note the schedule ID from the success response.
  3. Call the Update a Plan API. Enter the filter ID in the id field and the schedule ID in the schedule field.

The alert filter will only apply to matching alerts that are timestamped within the scheduled period.
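The limits described on this page (the 25,000-character condition limit, lowercase tag names, and second-based schedule timestamps, where a millisecond value pushes the schedule into the distant future) can be checked before a filter or schedule is submitted through the APIs. The following is an added Python example, not BigPanda's own code; the regex used to pull tag names out of a BPQL condition and the millisecond-detection threshold are heuristics assumed here.

```python
import re

# Limits stated on this page.
MAX_CONDITION_CHARS = 25_000
# Assumption: no realistic second-based epoch exceeds this value, so anything
# above it was almost certainly supplied in milliseconds.
MS_THRESHOLD = 10**11

# Assumption about BPQL syntax: an identifier directly before a comparison
# operator is a tag name. Quoted values are blanked out first so that a
# mixed-case value such as "Web-01" is not mistaken for a tag.
_QUOTED = re.compile(r'"[^"]*"|\'[^\']*\'')
_TAG_BEFORE_OP = re.compile(r'([A-Za-z_][A-Za-z0-9_.]*)\s*(?:!=|<=|>=|=|<|>)')


def tag_names(condition: str) -> list:
    """Return the tag names referenced in a BPQL condition (heuristic)."""
    return _TAG_BEFORE_OP.findall(_QUOTED.sub('""', condition))


def looks_like_milliseconds(ts: int) -> bool:
    """True when an epoch value is too large to be a timestamp in seconds."""
    return ts > MS_THRESHOLD


def validate_alert_filter(name, condition, start_ts=None, end_ts=None):
    """Pre-flight checks for a filter and its optional schedule window.
    Returns a list of problems; an empty list means the input is acceptable."""
    problems = []
    if not name.strip():
        problems.append("filter name is empty")
    if len(condition) > MAX_CONDITION_CHARS:
        problems.append(f"condition is {len(condition)} chars; limit is {MAX_CONDITION_CHARS}")
    for tag in tag_names(condition):
        if tag != tag.lower():
            problems.append(f"tag '{tag}' must be lowercase ('{tag.lower()}')")
    if (start_ts is None) != (end_ts is None):
        problems.append("schedule needs both start and end timestamps")
    elif start_ts is not None:
        for label, ts in (("start", start_ts), ("end", end_ts)):
            if looks_like_milliseconds(ts):
                problems.append(f"schedule {label} {ts} looks like milliseconds; use {ts // 1000}")
        if end_ts <= start_ts:
            problems.append("schedule end must be after schedule start")
    return problems


if __name__ == "__main__":
    # Constructed sample: mixed-case tag plus millisecond timestamps.
    for p in validate_alert_filter("Decom web tier", 'Host = "web-01" AND status = "critical"',
                                   1700000000000, 1700003600000):
        print(p)
```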

Next Steps

Learn about the Data Engineering process in the BigPanda University Data Engineering Learning Path.

Find information about managing Alert Enrichment.

Learn to navigate the BigPanda Settings page.