The AggregateAlert
datatype includes various settings.
Table: AggregateAlert
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 25, 2025 | |||||
actions | [Action] | yes | Long-Term | List of actions to fire on query result. See Action. | |
allowedActions | [AssetAction] | yes | Preview | List of actions allowed to fire on query result. See AssetAction. | |
description | string | Long-Term | Description of the aggregate alert. | ||
enabled | boolean | yes | Long-Term | Flag indicating whether the aggregate alert is enabled. | |
id | string | yes | Long-Term | Unique identifier of of the aggregate alert. | |
labels | [string] | yes | Long-Term | Labels attached to the aggregate alert. | |
lastError | string | Long-Term | Last error encountered while running the aggregate alert. | ||
lastSuccessfulPoll | long | Long-Term | Unix timestamp for last successful poll of the aggregate alert query. If this isn't very recent, the alert might have problems. | ||
lastTriggered | long | Long-Term | Unix timestamp for last execution of trigger. | ||
lastWarnings | [string] | yes | Long-Term | Last warnings encountered while running the aggregate alert. | |
modifiedInfo | ModifiedInfo | yes | Preview | Information about the aggregate alert that was modified. See ModifiedInfo. | |
name | string | yes | Long-Term | Name of the aggregate alert. | |
package | PackageInstallation | Long-Term | The package of which the aggregate alert was installed. See PackageInstallation. | ||
packageId | VersionedPackageSpecifier | Long-Term | The unique identifier of the package of the aggregate alert template. VersionedPackageSpecifier is a scalar. | ||
queryOwnership | queryOwnership | yes | Long-Term | Ownership of the query run by this alert. See queryOwnership. | |
queryString | string | yes | Long-Term | LogScale query to execute. | |
queryTimestampType | QueryTimestampType | yes | Long-Term | Timestamp type to use for a query. See QueryTimestampType and the FAQ: How Does LogScale Handle Ingest Delays in Aggregate Alerts KB article. | |
resource | string | yes | Short-Term | The resource identifier for the aggregate alert. | |
searchIntervalSeconds | long | yes | Long-Term | Search interval in seconds. | |
throttleField | string | Long-Term | A field to throttle on. | ||
throttleTimeSeconds | long | yes | Long-Term | Throttle time in seconds. | |
triggerMode | TriggerMode | yes | Long-Term | Trigger mode used for triggering the alert. See TriggerMode and the FAQ: How Does LogScale Handle Ingest Delays in Aggregate Alerts KB article. | |
yamlTemplate | yaml | yes | Long-Term | YAML specification of the aggregate alert. | |