Managing Alerts

Permission Requirements

After you've created some alerts, you may want to make some changes to them or perform a series of other actions. You can find any alerts you've created and perform these actions from the Alerts page of a repository.

Reusing an Alert

Over time, you will likely have many alerts that are similar but differ slightly in their underlying queries. To make it easier to create an alert that is similar to an existing one, you can duplicate it and then modify it.

To duplicate an alert:

  1. Go to the Alerts tab to see the full list of alerts saved in that repository.

  2. Click the menu icon to the right of the alert:

    Figure 195. Alert Menu


  3. Choose Duplicate.

  4. Type a name for the cloned alert and adjust its properties.

You can also export an alert to reuse it elsewhere, for example in another repository:

  1. Go to the Alerts tab to see the full list of alerts saved for that repository.

  2. Open the menu shown in Figure 195, “Alert Menu”, and choose Export as Template. This generates a YAML file that your browser will download.

    Tip

    You might export all of your alerts and keep a version history of changes by storing them on GitHub or elsewhere as a backup, and install them to your repositories from there.

  3. If needed, edit this file with a simple text editor before using it later.

  4. Use the Command-Line Interface (humioctl) to execute it from the command-line:

    humioctl alerts install repoName alertName --file=./my-alert.yaml

    In this example, the name of the export file is my-alert.yaml. Change that value to the name of your file, and change the file path to wherever the file is located on your computer.
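
The Tip and the install step above, combined in an added example (not part of the original documentation): a shell function that installs every exported template from a local checkout of your backup repository using the `humioctl alerts install` command shown above. The one-file-per-alert layout, the `<alertName>.yaml` naming convention, the function names and the `DRY_RUN` variable are assumptions made here.

```shell
#!/bin/sh
# Added example: bulk-install exported alert templates from a directory.
# Assumption: each template is stored as <alertName>.yaml (convention chosen here).
# Usage (after sourcing this file): DRY_RUN=0 install_alerts repoName ./alerts

# Derive the alert name from a template path:
#   ./alerts/failed-logins.yaml -> failed-logins
alert_name_from_file() {
    basename "$1" .yaml
}

# install_alerts REPO DIR
# With DRY_RUN=1 (the default) the humioctl commands are only printed,
# so a change can be reviewed before it touches the repository.
install_alerts() {
    repo=$1
    dir=$2
    count=0
    for file in "$dir"/*.yaml; do
        # An unmatched glob stays literal; skip it so an empty directory is a no-op.
        [ -f "$file" ] || continue
        name=$(alert_name_from_file "$file")
        if [ "${DRY_RUN:-1}" = "1" ]; then
            printf 'humioctl alerts install %s %s --file=%s\n' "$repo" "$name" "$file"
        else
            # Stop at the first failed install so a partial rollout is noticed.
            humioctl alerts install "$repo" "$name" --file="$file" || return 1
        fi
        count=$((count + 1))
    done
    # Non-zero exit status when no template was found in DIR.
    [ "$count" -gt 0 ]
}
```

Run it once with the default dry-run setting and review the printed commands before setting `DRY_RUN=0`.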

Editing an Alert

To edit an existing alert:

  1. Go to the Alerts tab to see the full list of alerts saved in that repository.

  2. Click on the name of the alert you want to edit.

  3. Change the properties in the Edit alert page, which is similar to when creating an alert for the first time (see Figure 192, “Setting Alert Properties”).

  4. When you've finished editing the alert, click Save alert on the bottom right.

Disabling an Alert

There may be times when you want to disable an alert. You might do this, for instance, if you've received a notification of an alert and need time to resolve the problem. You might want to disable the alert until then, so that it won't bother you while you're working on it. You can re-enable it when you're finished.

  1. Go to the Alerts tab and select the alert to disable, which will open the alert in edit mode.

  2. Uncheck the Alert Enabled check box in the General section. To re-enable a disabled alert, check the box again.

Deleting an Alert

  1. Go to the Alerts tab to see the full list of alerts saved in that repository.

  2. Open the menu shown in Figure 195, “Alert Menu”, and click Delete.

  3. Confirm that you want to delete the alert.

    Warning

    The Delete action cannot be undone and you cannot restore an alert.