The CreateAlert input
includes various settings.
Table: CreateAlert
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 28, 2025 | |||||
actions | [string] | yes | Long-Term | List of unique identifiers of actions to execute on query result. | |
description | string | yes | Long-Term | Description of the alert. | |
enabled | boolean | yes | true | Long-Term | Flag indicating whether the alert is enabled. |
labels | boolean | yes | [ ] | Long-Term | Labels attached to the alert. |
Name | string | yes | Long-Term | Name of the alert. | |
queryOwnershipType | QueryOwnershipType | User | Long-Term | Ownership of the query run by this alert. If value is User, ownership will be based on the runAsUserId field. See QueryOwnershipType. | |
queryStart | string | yes | Long-Term | Start of the relative time interval for the query. | |
queryString | string | yes | Long-Term | LogScale query to execute. | |
runAsUserId | string | Long-Term | The alert will run with the permissions of the user corresponding to this ID if the queryOwnershipType field is set to User. If the queryOwnershipType is set to Organization, whilst runAsUserId is set, this will result in an error. If not specified, the alert will run with the permissions of the calling user. It requires the 'ChangeTriggersToRunAsOtherUsers' permission to set this field to a user id different from the calling user. | ||
throttleField | string | yes | Long-Term | Field on which to throttle. | |
throttleTimeMillis | string | yes | Long-Term | Throttle time in milliseconds. | |
viewName | string | yes | Long-Term | Name of the view of the alert. | |