Managing Alerts

After you've created some Alerts, you may want to make some changes to them, changes you did not anticipate originally. You may want to rename them, duplicate and modify them, or just disable or delete some. You can find any Alerts you created and perform these actions from the Alerts page of a repository.

Creating Alerts

Alert List

Figure 155. Alert List

  1. Click on the Alerts tab for a repository at the top of any page of the Humio User Interface. You'll then see a screen similar to the one in Figure 1 here.

  2. Click on the + New Alert.

  3. Enter a name for the Alert, before the screen will change to look similar to the Search page, but with input fields in the right margin for entering Alert properties. You can see how this would look in Figure 3 below.

For more detailed explanation on creating Alerts, though, read the Creating Alerts documentation page.

Reusing an Alert

Alert Pull-Down Menu

Figure 156. Alert Pull-Down Menu

Over time you'll find that you will have many Alerts that are similar, but with slight deviations to their underlying queries. To make it easier to create an Alert that is similar to an existing one, you can duplicate it and then modify it. You can also export an Alert to use elsewhere.

Cloning an Alert:

  1. Go to the list of Alerts, click on the vertical dots (i.e., &tricolon;) to the right of the Alert and you'll see a menu of choices. You can see this in Figure 2 here.

  2. Click on the Clone choice. Type a name for the cloned Alert and adjust its properties. You can see how this would look in the screenshot shown in Figure 3 here.

Reusing an Alert from another repository:

  1. Go to the Alert pull-down menu and click Export as Template. This will generate a yaml file that your browser will download.

  2. You can edit this file with a simple text editor, if you want, before using it later. You might even export all of you Alerts and keep a version history of changes by storing them on GitHub or elsewhere, as a back-up and to install them to your repositories from there.

  3. You then have to use the Humio CLI to execute it from the command-line, as importing alerts is not currenly possible through the UI. You would enter something like this:

humioctl alerts install repoName alertName --file=./my-alert.yaml

In this example, the name of the export file is my-alert.yaml. You would change that value to whatever your file is named — and change the file path to wherever the file is located on your computer. See the humioctl documentation for information on how to install it and use this new feature of Humio, which is still in beta mode.

Editing an Alert

Edit an Alert

Figure 157. Edit an Alert

  1. Click on the name of the alert in the list of Alerts on the Alerts page. The screen will then look like the Search page, with the query for the Alert in the search box and the Alert's properties in the right margin. Figure 3 shows a screenshot of how this might look.

  2. Change the properties (e.g., name, throttle period, and Action), as well as the query behind the Alert. For more information on these fields, see the Alert Properties documentation. You can also add an Action to the Alert here. However, you'll have to create one first. See the Actions documentation page for more information on how to do that.

  3. When you've finished editing the Alert, click Save Changes on the top right.

Disabling an Alert

There may be times when you want to disable an Alert. You might do this, for instance, if you've received a notification of an Alert and need time to resolve the problem. You might want to disable the Alert until then, so that it won't bother you while you're working on it. You can re-enable it when you're finished.

  1. Go to the Alerts tab on the User Interface and select the Alert to disable, which will open the alert in edit mode, see a Figure 3 above.

  2. Uncheck the Alert Enabled check box in the right margin, where the Alert properties are listed. Should you want to re-enable a disabled alert simply check the box.

Deleting an Alert

  1. Go the Alerts page and click on the vertical dots (i.e., &tricolon;) to the right of the Alert you want to delete.

  2. From the pull-down menu that appears (see Figure 2), click Remove.

  3. Confirm that you want to delete the Alert. Note that this action cannot be undone and you cannot restore and alert.