Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

searching alerts for number in subject

Petr Novotny
Petr Novotny December 13, 2023

Hi, I have following alert
[Prometheus]: CRITICAL on 10.100.129.192:9104 - Exporter_State

If I am trying to search, this query doesnt fit
message: "[Prometheus]: CRITICAL on 10"

While this one fits

message: "[Prometheus]: CRITICAL on "

 

So if I put number in search string, it fails. Any idea, pls?

thanks

Petr

Answer
Watch
Like Be the first to like this
463 views

3 answers

0 votes
Rafael Meira
Rafael Meira
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 18, 2023

You're welcome, @Petr Novotny let me know if I can assist you with anything else.

Best,

Reply
0 votes
Bin
Bin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 14, 2023

@Rafael MeiraI have a hyperlink in Description field.  The end of URL is id=dddd.  I want to search for the number dddd.  I tried different syntax combination such as *9099* or "*9099" or *"9099", etc.  None of them pulled any reason.  The same number appears in Alias field too.  The sample data is like:

XXX PRTG Hosted (xxxx.my-prtg.com)_Microsoft 365 Service Status (Microsoft 365 Service Status)_9099

This is not hyperlink but the similar searches on Alias field did not find anything.

Please advise.  Thanks!!

Reply
0 votes
Rafael Meira
Rafael Meira
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 14, 2023

Hello @Petr Novotny 

OpsGenie uses the Elasticsearch Query String Query for its search functionality. This means that certain characters are reserved by Elasticsearch and have a special meaning. One of these is the ":" character, which is used for field search.

When you are using numbers or any character after ":", it is treated as a field search and OpsGenie is searching for a field called "10", not a string. That's why your search query with the number is not working.

You should escape the ":" character with double backslashes like so: "\\:". So your search string should be:

```
message: "[Prometheus]\\: CRITICAL on 10"
```

This would escape the ":" character and allow you to search with the number as part of the string.

I hope this helps.

Best,
Rafa

View More Comments
Petr Novotny
Petr Novotny December 14, 2023

Hello Rafa,

thanks for your answer, unfortunately this is not working as expected.

As I wrote in my post, message: "[Prometheus]: CRITICAL on " works. Also message: "CRITICAL on" finds my alerts with ":" char in our alerts.  

It wont find any alert if I include number in search string. So when I use message: "CRITICAL on 10", its giving nothing. 

original alerts are "[Prometheus]: CRITICAL on 10.100.129.192:9104" and only IP address is changing.

regards

Petr 

Like
Petr Novotny
Petr Novotny December 15, 2023

I can see the possible culprit here is that IP is taken as a whole word "10.101.133.110:9104" and if we search just for a part of this word, like "10.101" it wont find anything

Like
Rafael Meira
Rafael Meira
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 15, 2023

@Petr Novotny 

It seems like the IP address is treated as a whole term, and thus a search for a part of the IP won't return any results as there is no exact match.

There are a few ways that you could potentially work around this:

1. If you are aware of the exact IP that you want to search for, you could use that in your search term. For example: `message: "CRITICAL on 10.100.129.192:9104"`.

2. If you are looking for alerts from a range of IPs, you could potentially do a wildcard search. For example: `message: "CRITICAL on 10.*"`.

3. If the first two options are not suitable and you need to be able to search for parts of an IP, you might need to consider modifying the way your data is indexed. This could involve changing the way the data is tokenized, for example by using a custom tokenizer that splits the IP into separate terms.

 

I hope this helps.

Best,
Rafa

Like
Petr Novotny
Petr Novotny December 18, 2023

Hi Rafa,

thanks again for checking on that.

Your proposed solution no.2 is what I was trying to show here and is exactly what would be sufficient for me to use, but its really no working :( .. `message: "CRITICAL on 10.*"` doesnt find anything. If I use `message: "CRITICAL on *"` all is good. So its just a matter of adding any number to search string it breaks.

regards

Petr

Like
Rafael Meira
Rafael Meira
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 19, 2023

Thank you @Petr Novotny 

Let us know if we could assist you on anything else.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events