Skip to main content

URL-based Filters

You can create URLs to open filtered alerts and Situation Views. This is useful for context linking from a third-party application directly to Moogsoft Onprem.

Creating a URL (Basic)

To create a valid URL, it must contain the location of Moogsoft Onprem, the type of view and the basic filter query syntax to define the filter.

When creating a new URL, it should contain the following components:

Component

Example

Description

The host server

https://<localhost>/

Host name of your Moogsoft Onprem instance.

The view type

[#/alerts | #/situations | #/situationalerts]

Defines whether an alert view, Situation view or alerts assigned to Situations are displayed.

The filter type

?[filtereditor=basic | filtereditor=advanced]

Defines whether the filter will use basic or advanced query syntax.

Note

Please note: Place a question mark (?) at the start of your query parameter and separate each subsequent parameter with an ampersand (&)

The parameters

&[filter-active_sig_list= |filter-alert_id= | filter-agent=]

These are the parameters, operators and values used to define in the filter. E.g. &filter-alert_id=12, &filter-count=5 etc.

Note

Please note: All parameter names must be prefixed by 'filter-'

Basic Example

The example below shows a URL-based filter using basic filter syntax:

https://<localhost>/#/situationalerts/172?filtereditor=basic&filter-type=CPUHigh&filter-severity=2

A breakdown of this URL's components are described in the table below:

Example Component

Description

https://<localhost>/

Host name of your Moogsoft Onprem instance.

#/situationalerts/172

Specifies an alert view of all alerts assigned to Situation 172.

?filtereditor=basic

Specifies that you want to use basic filter query string.

&filter-type=CPUHigh&filter-severity=2

Defines the filter will display all alerts with the alert type 'CPUHigh' and that have the severity of 'Warning' (severity level 2).

29959919.png

Note

Please note: When using the URLs, if not currently logged into Moogsoft Onprem, users are prompted to login. alerts and Situation Views opened are active and are updated with the latest data, with filter and action and navigation functions available as normal for that user.

Custom_info Field

You can filter URL-based filters for custom_info fields if you have added any to your instance of Moogsoft Onprem.

Note

Please note: For more information on adding custom_info fields see Custom Info.

The example below shows a URL-based filter

https://<localhost>/#/situations?filtereditor=basic&filter-custom_info.something_new=5

Component

Description

https://<localhost>/

Host name of your Moogsoft Onprem instance.

#/situations?

Specifies an alert view of all alerts assigned to Situation 172.

?filtereditor=basic

Specifies that you want to use basic filter query string.

&filter-custom_info.something_new=5

Defines that you filter the custom_info field 'something_new', this must be column field.

The basic filter treats the field as text and uses 'matches' rather than 'equals'.

Creating a URL (Advanced)

To create a valid URL using the Advanced Filter, it must contain the same components as before but they must be URL-encoded. See "Advanced Filter Syntax" on Filter Search Data.

Note

*Please note: To encode a filter query, open DevTools (right-click and select Inspect) and go to Console:

Type 'encodeURI', insert the query in brackets and then double quotation marks:

Console Entry

encodeURI ("Severity = 'Warning' AND Type = 'DBFail'")

Press Enter to continue and encode the entry:

Encoded Result

"Severity%20=%20'Warning'%20AND%20Type%20=%20'DBFail'"
Advanced Example

The example below shows a URL-based filter using advanced filter query syntax:

https://<localhost>/#/situationalerts/172?filtereditor=advanced&filter-query=Severity%20=%20'Critical'%20AND%20Severity%20=%20'Minor'

This URL can be broken down into the following components:

Component

Description

https://<localhost>/

Host name of your Moogsoft Onprem instance.

#/situationalerts/172

Directs the filter to a view of all alerts assigned to Situation 172.

?filtereditor=advanced

Specifies that you want to use advanced filter query syntax.

&filter-query=Severity%20=%20'Critical'%20AND%20Severity%20=%20'Minor'

Defines the filter will display all alerts with 'Critical' and 'Minor' severity.

29959914.png
Custom_info field

You can also filter custom_info fields if you have added any to your instance of Moogsoft Onprem.

Example:

https://<servername>/#/situations?/?filtereditor=advanced&filter-query=%60Something%20new%60%20MATCHES%20%225%22

Example Component

Description

https://<localhost>/

Host name of your Moogsoft Onprem instance.

#/situations?

Directs the filter to a Situations view.

?filtereditor=advanced

Specifies that you want to use advanced filter query string.

&filter-query=%60Something%20new%60%20MATCHES%20%225%22

Defines that you filter the custom_info field 'something_new'. This must be a column field.

Popout Shortcut

There is a method to quickly popout a URL for Situation alerts.

Note

Please note: The Popout action can only be performed on alerts that are assigned to Situations at present

To do this, go to the Situation Room for the Situation you are interested in and select the alerts tab.

Create a Basic or Advanced filter then go to Tools > Popout:

29959918.png

This will launch a new browser tab with the URL for the filter. See example below:

https://<servername>/#/situationalerts/172?filter-severity=4&filter-type=DBTrans&filtereditor=basic&sort=severity%3ADESC%2Calert_id%3ADESC

The filter URL will include the default sort order of alerts in descending severity order then by descending alert ID:

sort=severity%3ADESC%2Calert_id%3ADESC

Note

Please note: If using the Popout method to generate a URL-based filter with advanced filter query syntax it will be automatically URL encoded

Use in alert and Situation Client Tools

You can create powerful dynamic alert and Situation Client Tools. URLs created using this mechanism can be added to alert and Situation client tools, so that their functionality is available from right-click menus in Situation and alert Views in Moogsoft Onprem.

Examples

In an alert client tool, with the HTTP Method GET selected, the following code in the URL field shows an alert View with all alerts that have the same host as the alert the tool was run form:

https://<servername>/#/alerts?filtereditor=basic&filter-source=$source

In a Situation client tool, with the HTTP Method GET selected, the following code in the URL field shows a Situation View of all Situations that are impacting the same services at the Situation the tool was run from:

https://<servername>/#/situations?filtereditor=basic&filter-service_list=$service_list

Parameters

The tables below list the available parameters and the associated operators for alerts and Situations:

Warning

Please note: The operators listed below are to be used in the filter query only, prior to using either the Popout or URI-encoding to form your URL

alert Parameters

UI/Display Name

Filter Parameter

Operator

Active Situations

active_sig_list

IN

alert Id

alert_id

>

>=

<

<=

!=

=

Agent Name

agent

MATCHES

Agent Host

agent_location

MATCHES

Class

class

MATCHES

Count

count

>

>=

<

<=

!=

=

Description

description

MATCHES

Entropy

entropy

>

>=

<

<=

!=

=

External ID

external_id

MATCHES

First Event Time

first_event_time

>= AND <=*

Host

source

MATCHES

Internal Last Event Time

int_last_event_time

>= AND <=*

Last Change

last_state_change

>= AND <=*

Last Event Time

last_event_time

>= AND <=*

Manager

manager

MATCHES

Owned By

owner

IN

Severity

severity

IN

Significance

significance

IN

Situations

sig_list

IN

Source ID

source_id

MATCHES

Status

state

IN

Type

type

MATCHES

Situation Paramaters

UI/Display Name

Filter Parameter

Operator

Category

category

MATCHES

Created At

created_at

>= AND <=*

Description

description

MATCHES

First Event Time

first_event_time

>= AND <=*

ID

sig_id

>

>=

<

<=

!=

=

Last Change

last_state_change

>= AND <=*

Last Event Time

last_event_time

>= AND <=*

Owned By

owner

IN

Participants

participants

>

>=

<

<=

!=

=

Process Impacted

process_list

CONTAINS

Scope Trend

delta_entities  

>0

<=0

Services Impacted

service_list

CONTAINS

Sev Trend

delta_priority

>0

<=0

Severity

severity

IN

Status

state

IN

Story

story_id

>

>=

<

<=

!=

=

Teams

teams

IN

Total alerts

total_alerts

>

>=

<

<=

!=

=

User Comments

user_comments

>

>=

<

<=

!=

=

*Please note: These parameters have operators defining two times, 'from' and 'to' separated by a colon. These times need to be epoch/Unix times:

E.g. First Event Time: From May 3, 2017 00:45:00 to May 3, 2017 00:45:00 would appear as (`First Event Time` >= 1493768700) AND (`First Event Time` <= 1493768700) in advanced filter query syntax and in the URL, this will appear as follows:

?filter-first_event_time=1493768700000%3A1493768700000