Alert Filters suppress alerts before they enter BigPanda. Use the Alert Filter Plans API to define rules to exclude specific alerts from entering BigPanda.
Renamed API
The Alert Filter Plans API was previously called V1 Maintenance Plans or V1 Plans. The functionality of the API has not changed, but the name has been updated to clarify which BigPanda feature the API manages.
The Alert Filter Plans API enables users to set and maintain alert filters to reduce noise for operators.
Plans are configured with BPQL queries and, once activated, will suppress alerts that match the criteria.
The Alert Filters API can be used to manage Alert Filters that have been configured in the BigPanda API. Alert filters affect alerts after they have been normalized and enriched, enabling complex filters based on additional metadata and enrichment tags. The plan ID for alert filters is the last 24 characters in the filter URL.
Alert Filter Schedules define a start and stop time frame for the alert filter. If a filter does not have a schedule defined, it will start immediately and run indefinitely - filtering all matching alerts until deactivated.
Schedule ID
The schedule ID is needed to add the schedule to a filter.
Relevant Permissions
See the Manage Alert Filters documentation for a full explanation of the permissions required to access the Alert Filter Plans API and the Alert Filter Schedules API.
To learn more about how BigPanda's permissions work, see the Roles Management guide.
Use Cases
You can use the Alert Filters API to keep in sync with infrastructure changes and parallel your monitoring activity accordingly. For example, the set of servers under a certain host, i.e. Billing, is scheduled to undergo upgrades for a duration of one week. Due to the non-operational nature of the servers during this time, all alerts generated by them will be unnecessary for monitoring.
Instead of having these alerts continue to stream into the feed and disrupt workflow, create a matching Filter with the query host = "billing*" and a Schedule of one week in the same time frame as the upgrades. This will suppress the irrelevant alerts from ever entering BigPanda.
Plan Limit
Each organization can have up to 3,500 alert filters.
Condition Limitations
Alert Filter conditions cannot be longer than 25,000 characters long.
All alert tags in filter conditions are case-insensitive.
The
conditionbody parameter uses special BPQL object formatting. See BPQL Object Syntax for more information.Not all tags are available for alert filter conditions. See the Tag Naming documentation for a list of tags that have limited functionality in BigPanda.
OK Status
By default, alert filters ignore events that have an
okstatus. These events will still enter the system and resolve any related open alerts.This setting can be changed by explicitly including the
exclude_statusfield as an empty array.
Available Objects & Actions
| Object | Description | Supported Methods | API Endpoint |
|---|---|---|---|
| Alert Filter Plan Objects | Defines the schema for configuring an alert filter. | POST, GET, PATCH, DELETE | <https://api.bigpanda.io/resources/v1.0/plans> |
Use the Alert Filter Plans API to perform these actions:
| Action | Definition | Description |
|---|---|---|
| Create an Alert Filter | POST /plans | Creates a new alert filter. |
| Retrieve an Alert Filter | GET /plans/{id} | Retrieves the schema for an existing filter. |
| Retrieve All Alert Filters | GET /plans | Retrieves the schema for all existing filters. |
| Update an Alert Filter | PATCH /plans/{id} | Updates a specific filter to stop the maintenance period immediately. |
| Delete an Alert Filter | DELETE /maintenance-plans-delete/ | Deletes an existing filter permanently from the system. |
Rate Limitations
To maintain quality of service, BigPanda APIs are limited to 5 requests per second.
Additional requests will return a 429 response code and the request will need to be retried.