The AggregateAlert datatype includes various settings.

Table: AggregateAlert

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| actions | [action] | yes | | List of actions to fire on query result. See Action. |
| allowedActions | [AssetAction] | yes | | List of actions allowed to fire on query result. See AssetAction. |
| description | string | | | Description of the aggregate alert. |
| enabled | boolean | yes | | Flag indicating whether the aggregate alert is enabled. |
| id | string | yes | | Unique identifier of the aggregate alert. |
| labels | [string] | yes | | Labels attached to the aggregate alert. |
| lastError | string | | | Last error encountered while running the aggregate alert. |
| lastSuccessfulPoll | long | | | Unix timestamp for last successful poll of the aggregate alert query. If this isn't very recent, the alert might have problems. |
| lastTriggered | long | | | Unix timestamp for last execution of trigger. |
| lastWarnings | [string] | yes | | Last warnings encountered while running the aggregate alert. |
| modifiedInfo | modifiedInfo | yes | | Information about the aggregate alert that was modified. See ModifiedInfo. |
| name | string | yes | | Name of the aggregate alert. |
| package | PackageInstallation | | | The package from which the aggregate alert was installed. See PackageInstallation. |
| packageId | VersionedPackageSpecifier | | | The unique identifier of the package of the aggregate alert template. VersionedPackageSpecifier is a scalar. |
| queryOwnership | queryOwnership | yes | | Ownership of the query run by this alert. See queryOwnership. |
| queryString | string | yes | | LogScale query to execute. |
| queryTimestampType | queryTimestampType | yes | | Timestamp type to use for a query. See QueryTimestampType and the FAQ: How Does LogScale Handle Ingest Delays in Aggregate Alerts KB article. |
| searchIntervalSeconds | long | yes | | Search interval in seconds. |
| throttleField | string | | | A field to throttle on. |
| throttleTimeSeconds | long | yes | | Throttle time in seconds. |
| triggerMode | triggerMode | yes | | Trigger mode used for triggering the alert. See TriggerMode and the FAQ: How Does LogScale Handle Ingest Delays in Aggregate Alerts KB article. |
| yamlTemplate | yaml | yes | | YAML specification of the aggregate alert. |