Alertmanage multiple filter query
65 views
Skip to first unread message
David Caro
Mar 8, 2022, 7:07:00 AM3/8/22
to Prometheus Users
HI!
We adopted alertmanager UI as our alerts dashboard recently, and I missed being able to group filters logically, for example, if you want to show alerts that match two different filters, like "team=wmcs || subject=~.*something".
Is that currently possible? If not, is it something on the works?
My apologies if this has come up before, though a quick search did not reveal much, so I would appreciate if you point me to the discussion.
Thanks!
Brian Candler
Mar 8, 2022, 9:12:50 AM3/8/22
to Prometheus Users
A very similar question was asked recently, see this thread:
victor labayen
Mar 9, 2022, 3:37:43 AM3/9/22
to Prometheus Users
Hi, I'm facing a similar problem and unfortunatelly I don't think that's possible.
Since every roule in the matchers list must be fullfilled you can use regex to perform a OR operation if multiple values are allowed for the same label. Something like:
matchers:
- team =~ "wmcs|.*something"
But in the case of different labels I did't found a way.
I'm actually requiring to group alerts that matches something like (field_a =~ "value_a1|value_a2" AND field_b = "value_b1") OR (field_a =~ "value_a3|value_a4" AND field_b = "value_b2"), but i cannot place 2 matchers in the same route neither all of them together. The closest I can get is with the following config, but combinations like field_a="value_a1" and field_b = "value_b2" will wrongly pass the filter.
matchers:
- field_a =~ "value_a1|value_a2|value_a3|value_a4"
- field_b =~ "value_b1|value_b2"
I'll test if making multiple routes, one with each configuration and ending up in the same receivers works out.
In your case it will be something like:
routes:
matchers:
- team =~ "wmcs|.*something"
But in the case of different labels I did't found a way.
I'm actually requiring to group alerts that matches something like (field_a =~ "value_a1|value_a2" AND field_b = "value_b1") OR (field_a =~ "value_a3|value_a4" AND field_b = "value_b2"), but i cannot place 2 matchers in the same route neither all of them together. The closest I can get is with the following config, but combinations like field_a="value_a1" and field_b = "value_b2" will wrongly pass the filter.
matchers:
- field_a =~ "value_a1|value_a2|value_a3|value_a4"
- field_b =~ "value_b1|value_b2"
I'll test if making multiple routes, one with each configuration and ending up in the same receivers works out.
In your case it will be something like:
routes:
- receiver: A
- matchers:
- team = "wmcs"
- receiver: A
- matchers:
- team =~ ".*something"
But I dont think the alerts will be grouped into the same notification.
I'll keep this post updated, but any help from someone with more knowledge will be apreciated.
I'll keep this post updated, but any help from someone with more knowledge will be apreciated.
Regards,
Víctor Labayen.
Víctor Labayen.
Brian Candler
Mar 9, 2022, 11:54:29 AM3/9/22
to Prometheus Users
On Wednesday, 9 March 2022 at 08:37:43 UTC victor labayen wrote:
I'll test if making multiple routes, one with each configuration and ending up in the same receivers works out.
In your case it will be something like:
routes:- receiver: A- matchers:- team = "wmcs"- receiver: A- matchers:
- subject =~ ".*something"
That should be fine. I don't think it will affect grouping, but if your testing shows otherwise, please let us know.
victor labayen
Mar 10, 2022, 7:59:39 AM3/10/22
to Prometheus Users
I have tested the multiple routes option.
The alerts are sent separatelly although the receivers are the same.
I think the only way to achieve this in alertmanager is by adding a new field to your alerts. Something as ugly as:
routes:
- receiver: A
- matchers:
-
is_team_wmcs_or_subject_something
: "true"
Regards,
Víctor Labayen.
The alerts are sent separatelly although the receivers are the same.
I think the only way to achieve this in alertmanager is by adding a new field to your alerts. Something as ugly as:
routes:
- receiver: A
- matchers:
Regards,
Víctor Labayen.
Reply all
Reply to author
Forward
0 new messages