Alerts Search Query Help

Fields

You can use a field:value combination with most alert fields.

Condition

Description

  • createdAt : 1470394841148

Unix timestamp in milliseconds format. (1470394841148 -> Fri, 05 Aug 2016 11:00:41.148 GMT)

  • lastOccurredAt : 1470394841148

Unix timestamp in milliseconds format. (1470394841148 -> Fri, 05 Aug 2016 11:00:41.148 GMT)

  • snoozedUntil : 1470394841148

Unix timestamp in milliseconds format. (1470394841148 -> Fri, 05 Aug 2016 11:00:41.148 GMT)

  • alertId : b9a2fb13-1b76-4b41-be28-eed2c61978fa

Id of the alert.

  • tinyId : 28

Short id assigned to the alert. Be careful: using this field is not recommended because it rolls over.

  • alias : host_down

Alias of the alert to be retrieved. Using alias will only retrieve an open alert with that alias if it exists.

  • count : 5

If any source attempts to create a new alert where there is an open alert with the given alias, the count value of the open alert will be increased by one instead of creating another alert.

  • message : Server apollo average

string

  • description : Monitoring tool is reporting that the

string

string

  • entity : entity1

string

  • status : open

open | closed

Opsgenie Username

Opsgenie Username

Opsgenie Username

Opsgenie Username

  • isSeen : true

true | false

  • acknowledged : true

true | false

  • snoozed : false

true | false

  • teams : team1

Name of the team.

  • integration.name : "Lorem Ipsum API Integration"

Name of the integration.

  • integration.type : API

Type of the integration.

  • tag : EC2

string

  • actions : start

string

Condition Operators

In addition to the : exact-match operator, you can also use the <, <=, > and >= operators.

Examples

count > 5

count <= 4

lastOccurredAt < 1470394841148

Logical Operators

Combine multiple values by using the AND and OR operators. Remember to wrap them in ( ) parentheses.

Example

Description

message: (lorem OR ipsum)

  • message field contains "lorem" or "ipsum"

description: (lorem AND ipsum)

  • description field contains both "lorem" and "ipsum"

You can also combine multiple conditions by using the AND and OR operators.

Examples

message: lorem AND count >= 3

message: (lorem OR ipsum) AND count >= 3

status: open AND (count >= 3 OR entity:lipsum)

Use the NOT operator to exclude search results that match a certain value.

Examples

Description

message: NOT lorem

  • message field does not contain lorem

status: NOT open

  • status of the alert results is not open, i.e., closed or resolved

Asterisk (*) Wildcard Usage

The asterisk (*) character can be used as a substitute for one or more characters in a search, when you do not know the exact characters or do not want to type the entire value. For example, if you are looking for an alert whose "message" field starts with "lorem" but you cannot remember the rest of the field, type the following:

Examples

message: lorem*

lorem*
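
The field, condition-operator and logical-operator rules above, as an added example that is not part of the original help page: a small Python builder that composes search queries from values a script or user supplies, converting datetimes to the millisecond timestamps the time fields expect. The function names are hypothetical, and because the page documents no escaping rules, values containing query syntax (including the * wildcard) are refused rather than escaped; that, and limiting the range operators to numeric and timestamp fields, are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Field names listed on this page; anything else is rejected.
# Assumption: range operators are limited here to numeric/timestamp fields.
RANGE_FIELDS = {"createdAt", "lastOccurredAt", "snoozedUntil", "count"}
FIELDS = RANGE_FIELDS | {
    "alertId", "tinyId", "alias", "message", "description", "entity",
    "status", "isSeen", "acknowledged", "snoozed", "teams",
    "integration.name", "integration.type", "tag", "actions"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_millis(dt):
    """Timezone-aware datetime -> Unix timestamp in milliseconds."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime; attach a timezone first")
    return (dt - EPOCH) // timedelta(milliseconds=1)  # exact integer division

def render(value):
    """Render one value as a single query term."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, datetime):
        return str(to_millis(value))
    text = str(value)
    # Assumption: the page documents no escaping, so characters and words
    # that carry query syntax are refused instead of escaped.
    if not text or any(c in text for c in '"():<>=*') or text.upper() in ("AND", "OR", "NOT"):
        raise ValueError(f"unsafe search value: {text!r}")
    return f'"{text}"' if any(c.isspace() for c in text) else text

def cond(field, value, op=":"):
    """One condition, e.g. cond("count", 3, ">=") gives 'count >= 3'."""
    if field not in FIELDS:
        raise ValueError(f"unknown field: {field}")
    if op != ":" and (op not in ("<", "<=", ">", ">=") or field not in RANGE_FIELDS):
        raise ValueError(f"operator {op} not allowed on {field}")
    return f"{field}: {render(value)}" if op == ":" else f"{field} {op} {render(value)}"

def any_of(field, values):
    """Several values for one field, wrapped in parentheses as the page asks."""
    if field not in FIELDS:
        raise ValueError(f"unknown field: {field}")
    return f"{field}: ({' OR '.join(render(v) for v in values)})"

def all_of(*parts):
    """Join already-built conditions with AND."""
    return " AND ".join(parts)
```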