Reference: Notification Filters
Click to view navigation pane

Reference: Notification Filters

     action.message

ruleName

Use quotes or backticks within values to find rules with certain name.

Examples

Find rules with name

ruleName: my first rule

Find rules that contain parts of the name

ruleName: "my first rule"

Find rules that match exact value

ruleName: `my first rule`

ruleDescription

Use quotes or backticks within values to find rules with certain description.

Examples

Find rules with description

ruleDescription: this rule is used for alerting

Find rules that contain parts of the description

ruleDescription: "this rule is used for alerting"

Find rules that match exact value

ruleDescription: `this rule is used for alerting`

status

Use a text value ##### to find rules with certain status (Success, Retrying or Error).

Example

Find rules with status

status: SUCCESS

statusDate

Use a date range or specific date to find when rule status were last modified from one status to another (eg., from Error to Success).

Examples

Show rule status modified within certain dates

statusDate: [2018-02-01 ... 2018-02-12]

Show rule status modified starting 2018-02-01, ending 1 month ago

statusDate: [2018-02-01 ... now-1M]

Show rule status modified starting 2 weeks ago, ending 1 second ago

statusDate: [now-2w ... now-1s]

Show rule status modified on certain date

statusDate:'2018-02-22'

aggregate

Use the values true | false to find rules configured to aggregate multiple matches into a single output.

Example

Show aggregated rules

aggregate: TRUE

createdBy

Use quotes or backticks within values to find rules created by a certain user.

Examples

Find rules created by user

createdBy: Joe Smith

Find rules that contain parts of the user name

createdBy: "Joe Smith"

Find rules that match exact value

createdBy: `Joe Smith`

createdById

Use quotes or backticks within values to find rules created by a certain user ID.

Example

Find rules created by user ID

createdById: jsmith

Find rules that contain parts of the user ID

createdById: "jsmith"

Find rules that match exact value

createdById: `jsmith`

action.name

Use quotes or backticks within values to find actions with certain name.

Examples

Find actions with name

action.name: Post to Slack Channel

Find actions that contain parts of the name

action.name: "Post to Slack Channel"

Find actions that match exact value

action.name: `Post to Slack Channel`

action.type

Use a text value ##### to find actions with certain type (Email, slack or pagerduty).

Example

Find actions of type

action.type: SLACK

action.message

Use quotes or backticks within values to find rules with certain text in the message (email, slack or pagerduty messages).

Examples

Find rules with message

action.message: to operations team

Find rules that contain parts of the message

action.message: "to operations team"

Find rules that match exact value

action.message: `to operations team`

action.emailRecipient

Use quotes or backticks within values to find actions with certain email recipients.

Examples

Find actions with email recipient

action.emailRecipient: secops-alert@mycompany.com

Find actions that contain parts of the email recipient

action.emailRecipient: "secops-alert@mycompany.com"

Find actions that match exact value

action.emailRecipient: `secops-alert@mycompany.com`

action.subject

Use quotes or backticks within values to find actions with certain text in the subject (email or pagerduty subject).

Examples

Find actions with subject

action.subject: warning

Find actions that contain parts of the subject

action.subject: "warning"

Find actions that match exact value

action.subject: `warning`

action.slackChannel

Use quotes or backticks within values to find actions with certain slack channel name.

Examples

Find actions with slack channel

action.slackChannel: Sec Ops

Find actions that contain parts of the slack channel name

action.slackChannel: "Sec Ops"

Find actions that match exact value

action.slackChannel: `Sec Ops`