Create and Manage Rules

Rules can be used to define the criteria to trigger the alert notifications. You can use our pre-defined search tokens and form the queries for the criteria. You can then associate an action to be executed when the criteria defined in the rule are met. 

Create New Rule

(1) Go to Responses > Rule Manager > New Rule.

(2) Provide a name and description of the new rule in the Rule Name and Description.

(3) In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query. Click Sample Queries link to select from the predefined queries.

(4) In the Trigger Criteria section, choose from three trigger criteria that work in conjunction with the rule query. The trigger criteria are: Single Match, Time-Window Count Match, and Time-Window Scheduled Match. See Trigger Criteria.

Basic details required to create a rule.

(5) In the Action Settings section, choose the actions that you want the system to perform when an alert is triggered.

Setting options for configuring the required action.

Manage Rules

The Rule Manager tab lists all the rules that you have created with rule name, trigger criteria selected for the rule, alert message aggregating enabled or disabled for the rule, action chosen for the rule, date and time when the rule is last triggered and state of the rule, whether the rule is enabled or disabled and created date and time of the rule.

You can use the Actions menu or Quick Actions menu to edit, enable, disable, delete rules and save an existing rule along with its configuration to create a new rule with a new name. Use the search bar to search for rules using the search tokens.

Manage rules