{
"log_scale_alert": {
"name": "<string>",
"alert_type": "STANDARD",
"created_at": "2023-11-07T05:31:56Z",
"description": "<string>",
"disabled": true,
"log_scale_action_slugs": [
"<string>"
],
"log_scale_query": "level = ERROR | severity > 3 | count(as=numErrors) | numErrors > 500",
"repository": "<string>",
"run_as_user": "<string>",
"slug": "<string>",
"tags": [
"<string>"
],
"throttle_field": "<string>",
"throttle_secs": 123,
"time_window_secs": "3600",
"updated_at": "2023-11-07T05:31:56Z"
}
}CreateLogScaleAlert
{
"log_scale_alert": {
"name": "<string>",
"alert_type": "STANDARD",
"created_at": "2023-11-07T05:31:56Z",
"description": "<string>",
"disabled": true,
"log_scale_action_slugs": [
"<string>"
],
"log_scale_query": "level = ERROR | severity > 3 | count(as=numErrors) | numErrors > 500",
"repository": "<string>",
"run_as_user": "<string>",
"slug": "<string>",
"tags": [
"<string>"
],
"throttle_field": "<string>",
"throttle_secs": 123,
"time_window_secs": "3600",
"updated_at": "2023-11-07T05:31:56Z"
}
}Authorizations
Chronosphere API token
Body
If true, validates the specified configuration without creating the LogScaleAlert. If the specified configuration is valid, the endpoint returns a partial response without the LogScaleAlert. If the specified configuration is invalid, the endpoint returns an error.
The LogScaleAlert to create.
Show child attributes
Show child attributes
Name of the alert.
Type of alert, which can be standard or filter. A standard alert is triggered by an aggregate result. A filter alert is triggered by single event.
STANDARD, FILTER Description of the alert.
Flag indicating whether the alert is disabled.
Slugs of LogScale actions that will receive the alerts. When the value is empty this alert won't trigger. Optional.
LogScale query to execute.
"level = ERROR | severity > 3 | count(as=numErrors) | numErrors > 500"
Name of LogScale repository the alerts belongs to. Required.
Email of the user that the alert runs on behalf of. Required.
The unique identifier of the LogScaleAlert. If a slug isn't provided, one is generated based on the name field. You can't modify this field after the LogScaleAlert is created.
Tags attached to the alert.
Field to throttle on. Optional.
Throttle time in seconds. The alert is triggered at most once per throttle period.
Lookback window used for an alert's evaluation. If this is set to 86400 seconds (24 hours), only the events from the last 24 hours will be considered when the alert query is run.
"3600"
Response
A successful response containing the created LogScaleAlert.
Show child attributes
Show child attributes
Name of the alert.
Type of alert, which can be standard or filter. A standard alert is triggered by an aggregate result. A filter alert is triggered by single event.
STANDARD, FILTER Timestamp of when the LogScaleAlert was created. Cannot be set by clients.
Description of the alert.
Flag indicating whether the alert is disabled.
Slugs of LogScale actions that will receive the alerts. When the value is empty this alert won't trigger. Optional.
LogScale query to execute.
"level = ERROR | severity > 3 | count(as=numErrors) | numErrors > 500"
Name of LogScale repository the alerts belongs to. Required.
Email of the user that the alert runs on behalf of. Required.
The unique identifier of the LogScaleAlert. If a slug isn't provided, one is generated based on the name field. You can't modify this field after the LogScaleAlert is created.
Tags attached to the alert.
Field to throttle on. Optional.
Throttle time in seconds. The alert is triggered at most once per throttle period.
Lookback window used for an alert's evaluation. If this is set to 86400 seconds (24 hours), only the events from the last 24 hours will be considered when the alert query is run.
"3600"
Timestamp of when the LogScaleAlert was last updated. Cannot be set by clients.