Alert Filter Plans

Alert Filters suppress alerts before they enter BigPanda. Use the Alert Filter Plans API to define rules to exclude specific alerts from entering BigPanda.


Renamed API

The Alert Filter Plans API was previously called V1 Maintenance Plans or V1 Plans. The functionality of the API has not changed, but the name has been updated to clarify which BigPanda feature the API manages.

The Alert Filter Plans API enables users to set and maintain alert filters to reduce noise for operators.

Plans are configured with BPQL queries and, once activated, will suppress alerts that match the criteria.

The Alert Filters API can be used to manage Alert Filters that have been configured in the BigPanda API. Alert filters affect alerts after they have been normalized and enriched, enabling complex filters based on additional metadata and enrichment tags. The plan ID for alert filters is the last 24 characters in the filter URL.

Alert Filter Schedules define a start and stop time frame for the alert filter. If a filter does not have a schedule defined, it will start immediately and run indefinitely - filtering all matching alerts until deactivated.


Schedule ID

The schedule ID is needed to add the schedule to a filter.

Relevant Permissions

See the Manage Alert Filters documentation for a full explanation of the permissions required to access the Alert Filter Plans API and the Alert Filter Schedules API.

To learn more about how BigPanda's permissions work, see the Roles Management guide.

Use Cases

You can use the Alert Filters API to keep in sync with infrastructure changes and adjust your monitoring activity accordingly. For example, the set of servers under a certain host, i.e. Billing, is scheduled to undergo upgrades for a duration of one week. Because the servers will be non-operational during this time, all alerts they generate will be unnecessary for monitoring.

Instead of having these alerts continue to stream into the feed and disrupt workflow, create a matching Filter with the query host = "billing*" and a Schedule of one week in the same time frame as the upgrades. This will prevent the irrelevant alerts from ever entering BigPanda.


Plan Limit

Each organization can have up to 3,500 alert filters.


Condition Limitations

Alert Filter conditions cannot be longer than 25,000 characters.

All alert tags in filter conditions must be listed in lowercase, regardless of the tag's system case.

The condition body parameter uses special BPQL object formatting. See BPQL Object Syntax for more information.

Not all tags are available for alert filter conditions. See the Tag Naming documentation for a list of tags that have limited functionality in BigPanda.


OK Status

By default, alert filters ignore events that have an ok status. These events will still enter the system and resolve any related open alerts.

This setting can be changed by explicitly including the exclude_status field as an empty array.

Available Objects & Actions

| Object | Description | Supported Methods | API Endpoint |
| --- | --- | --- | --- |
| Alert Filter Plan Objects | Defines the schema for configuring an alert filter. | POST, GET, PATCH, DELETE | <> |

Use the Alert Filter Plans API to perform these actions:

| Action | Method and Endpoint | Description |
| --- | --- | --- |
| Create an Alert Filter | POST /plans | Creates a new alert filter. |
| Retrieve an Alert Filter | GET /plans/{id} | Retrieves the schema for an existing filter. |
| Retrieve All Alert Filters | GET /plans | Retrieves the schema for all existing filters. |
| Update an Alert Filter | PATCH /plans/{id} | Updates a specific filter to stop the maintenance period immediately. |
| Delete an Alert Filter | DELETE /maintenance-plans-delete/ | Deletes an existing filter permanently from the system. |


Rate Limitations

To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Additional requests will return a 429 response code and the request will need to be retried.
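
The following is an added example, not BigPanda's own code: a client-side wrapper that stays under the 5 requests per second limit and retries requests answered with 429, plus a helper that takes the plan ID from the last 24 characters of a filter URL. The `send` transport callable, the backoff schedule, the class and function names, and the sample URL are assumptions made for illustration.

```python
import time

MAX_RPS = 5        # page: BigPanda APIs allow 5 requests per second
PLAN_ID_LEN = 24   # page: plan ID is the last 24 characters of the filter URL


def plan_id_from_url(filter_url):
    """Return the plan ID taken from the end of a filter URL."""
    if len(filter_url) < PLAN_ID_LEN:
        raise ValueError("URL is too short to contain a plan ID")
    return filter_url[-PLAN_ID_LEN:]


class ThrottledClient:
    """Stays under MAX_RPS and retries requests answered with 429."""

    def __init__(self, send, clock=time.monotonic, sleep=time.sleep, max_retries=5):
        self.send = send            # assumed transport: send(request) -> (status, body)
        self.clock, self.sleep = clock, sleep
        self.max_retries = max_retries
        self.sent = []              # send times inside the current 1-second window

    def _wait_for_slot(self):
        while True:
            now = self.clock()
            self.sent = [t for t in self.sent if now - t < 1.0]
            if len(self.sent) < MAX_RPS:
                self.sent.append(now)
                return
            self.sleep(1.0 - (now - self.sent[0]))   # until the oldest send ages out

    def request(self, req):
        for attempt in range(self.max_retries + 1):
            self._wait_for_slot()
            status, body = self.send(req)
            if status != 429:
                return status, body
            self.sleep(min(0.2 * 2 ** attempt, 5.0))  # assumed backoff schedule
        raise RuntimeError("still rate limited after %d retries" % self.max_retries)


if __name__ == "__main__":
    # Constructed stand-in for the HTTP layer: two 429s, then success.
    replies = [(429, None), (429, None), (200, "ok")]
    client = ThrottledClient(lambda req: replies.pop(0))
    print(client.request({"method": "GET", "path": "/plans"}))
    print(plan_id_from_url("https://example.invalid/filters/a1b2c3d4e5f6a1b2c3d4e5f6"))
```

Passing `clock` and `sleep` as parameters lets the throttling and retry behaviour be tested without real delays.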