[Index]

Model: relation/AlertingPolicyToRule

Model Details: relation/AlertingPolicyToRule

Title Description Details
Policy Name * Name of the alerting policy. This must be unique per hierarchy.
  • Field Name: name
  • Type: String
  • MaxLength: 255
Description Provide a brief description of this policy.
  • Field Name: description
  • Type: String
  • MaxLength: 2048
Enabled Is this policy enabled?
  • Field Name: enabled
  • Type: Boolean
Filters Global filters to apply before processing policy rules.
  • Field Name: policy_filters.[n]
  • Type: Array
Name
  • Field Name: policy_filters.[n].description
  • Type: String
Location *
  • Field Name: policy_filters.[n].location
  • Type: String
  • Choices: ["Header", "Raw log"]
Pattern Type *
  • Field Name: policy_filters.[n].pattern_type
  • Type: String
  • Choices: ["Match", "Match/Extract"]
Pattern Header name or regular expression for raw logs.
  • Field Name: policy_filters.[n].pattern
  • Type: String
Function
  • Field Name: policy_filters.[n].function
  • Type: String
  • Choices: ["Greater Than", "Less Than", "Same"]
Function Value
  • Field Name: policy_filters.[n].function_value
  • Type: Integer
Token used for alert message output order
  • Field Name: policy_filters.[n].token
  • Type: Integer
Enrichment Enrich the alert with table details or additional verbage.
  • Field Name: enrichment.[n]
  • Type: Array
Location *
  • Field Name: enrichment.[n].location
  • Type: String
  • Choices: ["table", "custom"]
Item
  • Field Name: enrichment.[n].item
  • Type: String
Token used for alert message output order
  • Field Name: enrichment.[n].token
  • Type: Integer
Alerting Rules
  • Field Name: AlertingRules.[n]
  • Type: Array
Policy * The alerting policy this rule belongs to.
  • Field Name: AlertingRules.[n].policy
  • Type: String
  • Target: /api/data/AlertingPolicy/choices/?field=name&format=json&hierarchy=[hierarchy]&auth_token=%3D%3D%24ckRYrKQgXS8JF770%24y7Y6r3AJt5eUjoiLty9pZNqkLkmCAMhJF0pXuSG1HoNJ8WuZgB1LGhMt0dgUjyc6w2MSz6pWReqqiDF5umELtpZ5RpXzyjMbB3Wt8NATE3rQmGaoh4xrHaGRhV%2B76f%2BuNW0Tp0ZTklmg71sosXuN20wIpfDGdcfEj2UPJurgcGof6puAHiX/tq%2BkwPA1aPt4HUYdmKR8n/e6qmZgTQ%2BqZ8Rx0XFSiDi0ud0Z7wYt3I4GgEpU4ECwUjfmw16avpdZAjad3P1CqZVTdqgm%2BjFNS5QGSR66hxAYedyhz39eyQqd8fdRbLpZ6hJqoIyPk%2BCmL5mLOHViKJtxMhRQs7CkUAbwGD/gpCKEMG9gNvgrYfONSCtATFBWSGPL9KeBlj8N09uOe0VAI4Yz9H6MrEZCXdmSwLVeIIz4oqeViQbaXx9G7QLZqh4Yzm2yqFpNHu4WeEaRRTH1jYJ0KbioCY5klczJZJbibsYVj%2BDEdoqth2mzeMPim8cR51K15gcKtjNYBuY4tSo%3D%24%3D%3D
  • Target attr: name
  • Target Model Type: data/AlertingPolicy
  • Format: uri
  • Choices: []
Rule Name * Name of the alerting rule. This must be unique per policy.
  • Field Name: AlertingRules.[n].name
  • Type: String
  • MaxLength: 255
Description Provide a brief description of this Alerting Rule.
  • Field Name: AlertingRules.[n].description
  • Type: String
  • MaxLength: 8192
Rule Type
  • Field Name: AlertingRules.[n].rule_type
  • Type: String
  • Choices: ["Simple", "Compound"]
Alarm Id
  • Field Name: AlertingRules.[n].alarm_id
  • Type: Integer
Coorelation Type
  • Field Name: AlertingRules.[n].coorelation_type
  • Type: String
  • Choices: ["Simple", "Complex"]
Enabled
  • Field Name: AlertingRules.[n].enabled
  • Type: Boolean
Inherit Output If you want filter data included?
  • Field Name: AlertingRules.[n].inherit
  • Type: Boolean
Halt Processing Halt processing in this policy group on match?
  • Field Name: AlertingRules.[n].halt_processing_on_match
  • Type: Boolean
Window
  • Field Name: AlertingRules.[n].window
  • Type: Integer
  • Choices: ["30 seconds", "1 minute", "5 minutes", "10 minutes", "30 minutes", "1 hour", "2 hours", "4 hours", "8 hours", "12 hours", "24 hours"]
Severity
  • Field Name: AlertingRules.[n].severity
  • Type: String
  • Choices: ["Informational", "Minor", "Major", "Critical"]
Threshold
  • Field Name: AlertingRules.[n].threshold
  • Type: Integer
Search Filter
  • Field Name: AlertingRules.[n].search_filter
  • Type: String
Definitions Definitions.
  • Field Name: rule_definitions.[n]
  • Type: Array
Name
  • Field Name: AlertingRules.[n].rule_definitions.[n].description
  • Type: String
Location *
  • Field Name: AlertingRules.[n].rule_definitions.[n].location
  • Type: String
  • Choices: ["Header", "Raw log"]
Pattern Type *
  • Field Name: AlertingRules.[n].rule_definitions.[n].pattern_type
  • Type: String
  • Choices: ["Match", "Match/Extract"]
Pattern Header name or regular expression for raw logs.
  • Field Name: AlertingRules.[n].rule_definitions.[n].pattern
  • Type: String
Function
  • Field Name: AlertingRules.[n].rule_definitions.[n].function
  • Type: String
  • Choices: ["Greater Than", "Less Than", "Same"]
Function Value
  • Field Name: AlertingRules.[n].rule_definitions.[n].function_value
  • Type: Integer
Token used for alert message output order
  • Field Name: AlertingRules.[n].rule_definitions.[n].token
  • Type: Integer
Enrichment Enrich the alert with table details or additional verbage.
  • Field Name: enrichment.[n]
  • Type: Array
Location *
  • Field Name: AlertingRules.[n].enrichment.[n].location
  • Type: String
  • Choices: ["table", "custom"]
Item
  • Field Name: AlertingRules.[n].enrichment.[n].item
  • Type: String
Token used for alert message output order
  • Field Name: AlertingRules.[n].enrichment.[n].token
  • Type: Integer
Response Procedure * The response procedure for this alert rule.
  • Field Name: AlertingRules.[n].response_procedure
  • Type: String
  • Target: /api/data/AlertingResponseProcedure/choices/?field=name&format=json&hierarchy=[hierarchy]&auth_token=%3D%3D%24WbrVyum9OCLkYp38%24UmMDVa6xz7ZBqlkL3pG%2BpIpApSagX7jq42luQVT0KEkKWrYfOUjIZSkVRMSzDYZvIvrAM7BscHREyk8Rg0%2Bi2oz1WSgpDzkYBLvlTnhYzWjlOGMFXnhTA5KL1TH4B6WR3kF76It01qycpKuybCXf3wd5ggtgOBH/WNGfVbVUaCQKH1w7/F/vJ8qw45IlNi43yBeQhBQeoW5Uai%2BVJO6MTIxOtGMDEWqKVMAcvwQC8LHEBLFERipGcfQIAXyZgbKMzWRqYP0ZdzUmlpYvnQwq6kJGgrbswlWB3YzOP9xiAXIOdDzOyYlL3uPToD5RfW9YkkhoKwAh7Dwdy/kEIU3Jq4%2BxA3cW4ByHGGh29vKq0rDb81ROJz3Xb1k9WyCBvSYVhf4C9h1Rfar7vZiuDk/vnIbdKAfC2l0OnKZ3fgd4aq8LqO/bF07Ygc2VnjayAzuycfwvQHxBuVsaKSDK10vEKaDm043pIJEPG/Hc5NoySO8EDAzxkacYavn6900EK47u3tptkvux6nu1guZcAHsrOQ%3D%3D%24%3D%3D
  • Target attr: name
  • Target Model Type: data/AlertingResponseProcedure
  • Format: uri
  • Choices: []
Grafana Rule The grafana rule for this for this alert rule. TODO reference new model.
  • Field Name: AlertingRules.[n].grafana_rule
  • Type: String