Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What is the semantics for the search phrase foo:bar and its combinations

Eva-Maria.Mueller
Eva-Maria.Mueller January 6, 2025

Hi,

 

I receive alerts which contain extra properties. I figured out that I can search for them by by calling

detailsPair(foo: bar)

But I can also search for

  • :foo
  • foo:
  • :bar
  • bar:
  • foo
  • bar
  • foo AND bar

These search phrases will return the alerts containing the extra property foo: bar

 

Can you please explain what OpsGenie is searching for, when passing foo:bar (or one of the alternatives - see list above) to the search bar.

 

If I have an alert with the extra property foo:whatever and the alert title contain s whatever this title is, then 

the search query foo:whatever will also find this alert. Can you explain what the search does in the background.

 

I am asking this because the search query

foo:(bar OR whatever)

will NOT return alerts ONLY containing either the extra property foo:bar or foo:whatever
It will also return alerts containing alert containing an extra property key foo and the title starting (?) with bar or whatever

Answer
Watch
Like Shashwat Khare likes this
1165 views

2 answers

0 votes
Eva-Maria.Mueller
Eva-Maria.Mueller January 7, 2025

...

View More Comments
Eva-Maria.Mueller
Eva-Maria.Mueller January 7, 2025

Switch answer to reply

Like
Reply
0 votes
Shashwat Khare
Shashwat Khare
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 7, 2025

Hi @Eva-Maria.Mueller ,

This is Shashwat from Opsgenie support and here to help! :) 

The search query for searching alerts with extra properties should be in the below format:

detailsPair(key:value)

For your use case, here 

foo

is the key and 

Bar

is the extra property value.

For searching alerts that contain whatever in the alert title, the query would be:

message:whatever

Please refer to the below help document for the search query syntax to be used for each corresponding alert field:
https://support.atlassian.com/opsgenie/docs/search-queries-for-alerts/

Best,
Shashwat

View More Comments
Eva-Maria.Mueller
Eva-Maria.Mueller January 7, 2025

Hi Shashwat,

 

sorry - used the wrong input field...

 

thank you for you answer. Unfortunately, it does not completely answer everything.

 

It would be great if you could explain:

 

1. Which alerts will the following query return if I have an extra property with key foo 

foo:(bar OR whatever)

Can you also explain the syntax?

 

2. Which alerts will the following queries return (and why) - which semantic does the colon have resp. what do alerts need to fulfil to be matched by this query?

  • :test
  • test:

 

Like
Shashwat Khare
Shashwat Khare
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 8, 2025

Hi @Eva-Maria.Mueller ,

1. This query will return all alerts that have the key value as bar or whatever, in the alert extra properties.

2. For the colon insertion, may I know with which field are you using the syntax for the colon as :test or test: ?

Best,
Shashwat

Like
Eva-Maria.Mueller
Eva-Maria.Mueller January 8, 2025

Unfortunately, 

foo:(bar OR whatever)

will not return all alerts that have the key value as bar or whatever, in the alert extra properties. Please see my initial question 

I am asking this because the search query

foo:(bar OR whatever)

will NOT return alerts ONLY containing either the extra property foo:bar or foo:whatever
It will also return alerts containing alert containing an extra property key foo and the title starting (?) with bar or whatever

 

Unfortunately, I do not understand your question

2. For the colon insertion, may I know with which field are you using the syntax for the colon as :test or test: ?

Maybe you can try it yourself by searching in the OpsGenie UI and using a random field/label/extra property and firing a query containing a colon

 

Like
Shashwat Khare
Shashwat Khare
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 9, 2025

Hi,

Unfortunately, the logical operator AND is supported for standard alert fields like message/description and combining multiple values in the detailsPair operator doesn't work similarly.

Please use multiple queries to filter for such alerts having the values as bar or whatever.

The colon operator is used for equivalence (=) and isn't supported for pre/post  concatenation on the field values to filter out different results.

Please refer to this help document for the supported queries in the search query bar.

Best,
Shashwat

Like
Eva-Maria.Mueller
Eva-Maria.Mueller January 9, 2025

Hi Shashwat,

thank you for answer. 

 

Would be happy if you could give an example for the following

The colon operator is used for equivalence (=) and isn't supported for pre/post  concatenation on the field values to filter out different results.

 

This is what I understood so far:

  • The colon operator is used for equivalence (=)
  • The colon operator is only applicable for standard alert fields like message/description/tags/status (See Field reference for alert search at help page) but not for extra properties
  • The colon operator does not support "inner" usage of AND/OR operator
    • Supported: message:Foo OR message:Bar
    • Also Supported: message:(Foo OR Bar)
  • The detailsPair operator can be used for extra properties AKA details
    • Supported: detailsPair(myKey: bar) OR detailsPair(myKey: foo)
    • NOT Supported: detailsPair(myKey: (Foo OR Bar))

 

Is my summary correct?

Like
Shashwat Khare
Shashwat Khare
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 9, 2025

Hello @Eva-Maria.Mueller ,

Yes, some examples of the : operator within the search queries are:

tinyId : 28
message : Bar OR Whatever
description : server health check 
acknowledgedBy : x.y@abc.com

Yes, the above summary is accurate on the usage of the nesting parenthesis with the detailsPair operator.

Best,
Shashwat

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events