Best Practices
You can use the Alert Filters API to keep in sync with infrastructure changes and parallel your monitoring activity accordingly. For example, the set of servers under a certain host, i.e. Billing, is scheduled to undergo upgrades for a duration of one week. Due to the non-operational nature of the servers during this time, all alerts generated by them will be unnecessary for monitoring.
Instead of having these alerts continue to stream into the feed and disrupt workflow, create a matching Filter with the query host = "billing*" and a Schedule of one week in the same time frame as the upgrades. This will suppress the irrelevant alerts from ever entering BigPanda.
Plan limit
Each organization can have up to 3,500 alert filters.
Condition limitations
Alert Filter conditions cannot be longer than 25,000 characters long.
All alert tags in filter conditions are case-insensitive.
The condition body parameter uses special BPQL object formatting. See BPQL Object Syntax for more information.
Not all tags are available for alert filter conditions. See the Tag Naming documentation for a list of tags that have limited functionality in BigPanda.
OK status
By default, alert filters ignore events that have an ok status. These events will still enter the system and resolve any related open alerts.
This setting can be changed by explicitly including the exclude_status field as an empty array.
Filter Plan Parameters
The Alert Filter Plan object schema includes the following attributes:
Attribute | Description | Type |
|---|---|---|
id | System-generated unique identifier for the alert filter. | String |
name | User defined name for the alert filter. | String |
description | Brief summary of the alert filter. | String |
bpql | The BPQL object to identify which alerts will be filtered. | JSON |
exclude_status | A list of alert status values that will be excluded from the filter. With new filters, the OK status is excluded by default unless exclude_status is explicitly declared in the payload. | Array of Strings |
active | Whether the filter is active and will apply to incoming alerts | Boolean |
created_on | Date and time the filter was created in ISO 8601 format. | Long |
created_by | The ID of the user who created the filter. | String |
updated_on | Date and time the filter was last updated in ISO 8601 format. | Long |
updated_by | The ID of the user who last updated the filter. | String |
schedule | The ID of the schedule associated to the filter. | String |
custom_tags | Metadata about the plan in an array of key-value pairs. Attributes: - name - Ordered pair tuple name. String - value - Object value. String | Array of Objects |
Sample Alert Filter Plan Object
{
"name": "Folsom Patch",
"bpql": {"=": ["host", "prod-api-1"]},
"active": true,
"description": "Patching Folsom server farm",
"custom_tags" : [{
"name": "server_farm",
"value": "folsom"
}]
}
Filter Schedule Parameters
The Alert Filter Schedule object schema includes the following attributes:
Attribute | Description | Type |
|---|---|---|
id | System-generated unique identifier for the schedule. | String |
name | User defined name for the schedule. | String |
description | Brief summary of the schedule. | String |
starts_on | Unix epoch time when the schedule starts (in seconds). | Long |
ends_on | Unix epoch time when the schedule ends (in seconds). | Long |
time_zone | The schedule's time zone setting. Default is UTC. See the full list of supported time zones here. | |
duration | The calculated time between the ends_on and starts_on in seconds. | Long |
created_on | Unix epoch time when the schedule was created (in seconds). | Long |
created_by | The ID of the user who created the schedule. | String |
updated_on | Unix epoch time when the schedule was last updated (in seconds). | Long |
updated_by | The ID of the user who last updated the schedule. | String |
active | Indicates if the schedule is active and can be applied to alert filters. | Boolean |
Sample Alert Filter Schedule Object
{
"name": "Weekend Maintenance",
"starts_on": 1491265491,
"ends_on": 1491294307,
"time_zone": "UTC",
"active": true
}