URL-based Filters
You can create URLs to open filtered alerts and Situation Views. This is useful for context linking from a third-party application directly to Moogsoft Enterprise.
Creating a URL (Basic)
To create a valid URL, it must contain the location of Moogsoft Enterprise, the type of view and the basic filter query syntax to define the filter.
When creating a new URL, it should contain the following components:
Component | Example | Description |
---|---|---|
The host server | https://<localhost>/ | Host name of your Moogsoft Enterprise instance. |
The view type | [#/alerts | #/situations | #/situationalerts] | Defines whether an alert view, Situation view or alerts assigned to Situations are displayed. |
The filter type | ?[filtereditor=basic | filtereditor=advanced] | Defines whether the filter will use basic or advanced query syntax. NotePlease note: Place a question mark (?) at the start of your query parameter and separate each subsequent parameter with an ampersand (&) |
The parameters | &[filter-active_sig_list= |filter-alert_id= | filter-agent=] | These are the parameters, operators and values used to define in the filter. E.g. &filter-alert_id=12, &filter-count=5 etc. NotePlease note: All parameter names must be prefixed by 'filter-' |
Basic Example
The example below shows a URL-based filter using basic filter syntax:
https://<localhost>/#/situationalerts/172?filtereditor=basic&filter-type=CPUHigh&filter-severity=2
A breakdown of this URL's components are described in the table below:
Example Component | Description |
---|---|
https://<localhost>/ | Host name of your Moogsoft Enterprise instance. |
| Specifies an alert view of all alerts assigned to Situation 172. |
| Specifies that you want to use basic filter query string. |
&filter-type=CPUHigh&filter-severity=2 | Defines the filter will display all alerts with the alert type 'CPUHigh' and that have the severity of 'Warning' (severity level 2). |
Note
Please note: When using the URLs, if not currently logged into Moogsoft Enterprise, users are prompted to login. alerts and Situation Views opened are active and are updated with the latest data, with filter and action and navigation functions available as normal for that user.
Custom_info Field
You can filter URL-based filters for custom_info fields if you have added any to your instance of Moogsoft Enterprise.
Note
Please note: For more information on adding custom_info fields see Custom Info.
The example below shows a URL-based filter
https://<localhost>/#/situations?filtereditor=basic&filter-custom_info.something_new=5
Component | Description |
---|---|
https://<localhost>/ | Host name of your Moogsoft Enterprise instance. |
| Specifies an alert view of all alerts assigned to Situation 172. |
| Specifies that you want to use basic filter query string. |
&filter-custom_info.something_new=5 | Defines that you filter the custom_info field 'something_new', this must be column field. The basic filter treats the field as text and uses 'matches' rather than 'equals'. |
Creating a URL (Advanced)
To create a valid URL using the Advanced Filter, it must contain the same components as before but they must be URL-encoded. See "Advanced Filter Syntax" on Filter Search Data.
Note
*Please note: To encode a filter query, open DevTools (right-click and select Inspect) and go to Console:
Type 'encodeURI', insert the query in brackets and then double quotation marks:
Console Entry
encodeURI ("Severity = 'Warning' AND Type = 'DBFail'")
Press Enter to continue and encode the entry:
Encoded Result
"Severity%20=%20'Warning'%20AND%20Type%20=%20'DBFail'"
Advanced Example
The example below shows a URL-based filter using advanced filter query syntax:
https://<localhost>/#/situationalerts/172?filtereditor=advanced&filter-query=Severity%20=%20'Critical'%20AND%20Severity%20=%20'Minor'
This URL can be broken down into the following components:
Component | Description |
---|---|
https://<localhost>/ | Host name of your Moogsoft Enterprise instance. |
#/situationalerts/172 | Directs the filter to a view of all alerts assigned to Situation 172. |
?filtereditor=advanced | Specifies that you want to use advanced filter query syntax. |
&filter-query=Severity%20=%20'Critical'%20AND%20Severity%20=%20'Minor' | Defines the filter will display all alerts with 'Critical' and 'Minor' severity. |
Custom_info field
You can also filter custom_info fields if you have added any to your instance of Moogsoft Enterprise.
Example:
https://<servername>/#/situations?/?filtereditor=advanced&filter-query=%60Something%20new%60%20MATCHES%20%225%22
Example Component | Description |
---|---|
https://<localhost>/ | Host name of your Moogsoft Enterprise instance. |
| Directs the filter to a Situations view. |
| Specifies that you want to use advanced filter query string. |
&filter-query=%60Something%20new%60%20MATCHES%20%225%22 | Defines that you filter the custom_info field 'something_new'. This must be a column field. |
Popout Shortcut
There is a method to quickly popout a URL for Situation alerts.
Note
Please note: The Popout action can only be performed on alerts that are assigned to Situations at present
To do this, go to the Situation Room for the Situation you are interested in and select the alerts tab.
Create a Basic or Advanced filter then go to Tools > Popout:
This will launch a new browser tab with the URL for the filter. See example below:
https://<servername>/#/situationalerts/172?filter-severity=4&filter-type=DBTrans&filtereditor=basic&sort=severity%3ADESC%2Calert_id%3ADESC
The filter URL will include the default sort order of alerts in descending severity order then by descending alert ID:
sort=severity%3ADESC%2Calert_id%3ADESC
Note
Please note: If using the Popout method to generate a URL-based filter with advanced filter query syntax it will be automatically URL encoded
Use in alert and Situation Client Tools
You can create powerful dynamic alert and Situation Client Tools. URLs created using this mechanism can be added to alert and Situation client tools, so that their functionality is available from right-click menus in Situation and alert Views in Moogsoft Enterprise.
Examples
In an alert client tool, with the HTTP Method GET selected, the following code in the URL field shows an alert View with all alerts that have the same host as the alert the tool was run form:
https://<servername>/#/alerts?filtereditor=basic&filter-source=$source
In a Situation client tool, with the HTTP Method GET selected, the following code in the URL field shows a Situation View of all Situations that are impacting the same services at the Situation the tool was run from:
https://<servername>/#/situations?filtereditor=basic&filter-service_list=$service_list
Parameters
The tables below list the available parameters and the associated operators for alerts and Situations:
Warning
Please note: The operators listed below are to be used in the filter query only, prior to using either the Popout or URI-encoding to form your URL
alert Parameters
UI/Display Name | Filter Parameter | Operator |
---|---|---|
Active Situations | active_sig_list | IN |
alert Id | alert_id | > >= < <= != = |
Agent Name | agent | MATCHES |
Agent Host | agent_location | MATCHES |
Class | class | MATCHES |
Count | count | > >= < <= != = |
Description | description | MATCHES |
Entropy | entropy | > >= < <= != = |
External ID | external_id | MATCHES |
First Event Time | first_event_time | >= AND <=* |
Host | source | MATCHES |
Internal Last Event Time | int_last_event_time | >= AND <=* |
Last Change | last_state_change | >= AND <=* |
Last Event Time | last_event_time | >= AND <=* |
Manager | manager | MATCHES |
Owned By | owner | IN |
Severity | severity | IN |
Significance | significance | IN |
Situations | sig_list | IN |
Source ID | source_id | MATCHES |
Status | state | IN |
Type | type | MATCHES |
Situation Paramaters
UI/Display Name | Filter Parameter | Operator |
---|---|---|
Category | category | MATCHES |
Created At | created_at | >= AND <=* |
Description | description | MATCHES |
First Event Time | first_event_time | >= AND <=* |
ID | sig_id | > >= < <= != = |
Last Change | last_state_change | >= AND <=* |
Last Event Time | last_event_time | >= AND <=* |
Owned By | owner | IN |
Participants | participants | > >= < <= != = |
Process Impacted | process_list | CONTAINS |
Scope Trend | delta_entities | >0 <=0 |
Services Impacted | service_list | CONTAINS |
Sev Trend | delta_priority | >0 <=0 |
Severity | severity | IN |
Status | state | IN |
Story | story_id | > >= < <= != = |
Teams | teams | IN |
Total alerts | total_alerts | > >= < <= != = |
User Comments | user_comments | > >= < <= != = |
*Please note: These parameters have operators defining two times, 'from' and 'to' separated by a colon. These times need to be epoch/Unix times:
E.g. First Event Time: From May 3, 2017 00:45:00 to May 3, 2017 00:45:00 would appear as (`First Event Time` >= 1493768700) AND (`First Event Time` <= 1493768700) in advanced filter query syntax and in the URL, this will appear as follows:
?filter-first_event_time=1493768700000%3A1493768700000