SumoLogic
diff --git a/‎docs/reuse/alert-variables.md‎
Lines changed: 35 additions & 35 deletions b/‎docs/reuse/alert-variables.md‎
Lines changed: 35 additions & 35 deletions
diff --git a/‎static/img/reuse/check.png‎
-4.82 KB b/‎static/img/reuse/check.png‎
-4.82 KB
@@ -13,26 +13,26 @@ All variables are case-insensitive.
 
 | Variable | Description | Monitors | Scheduled Searches |
 | :-- | :-- | :-- | :--|
-| `{{Name}}` | The name of the alert. In the delivered payload, this variable is replaced with the Name you assigned to the alert when you created it. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{Description}}` | The description of the alert. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{MonitorType}}` | The type of alert, either `Logs` or `Metrics`. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{Query}}` | The query used to run the alert. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{QueryURL}}` | The URL to the logs or metrics query within Sumo Logic. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{ResultsJson}}` | JSON object containing the query results that triggered the alert. A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/><br/><br/>Not available with Email notifications |
-| `{{ResultsJson.fieldName}}` | The value of the specified field name. For example, this payload specification:<br/>`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`<br/><br/>Results in a subject line like this:<br/>`70.69.152.165 had 391 errors`<br/><br/>A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.<br/><br/>A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it.<br/><br/>You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.<br/><br/>**Reserved Fields**<br/>The following are reserved field names. They are generated by Sumo Logic during collection or search operations.<ul><li>_raw</li><li>Message</li><li>_messagetime</li><li>Time</li><li>_sourceHost</li><li>Host</li><li>_sourceCategory</li><li>Category</li><li>_sourceName</li><li>Name</li><li>_collector</li><li>Collector</li><li>_timeslice</li><li>_signature</li></ul> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.<br/><br/>An aggregate query returns the number of aggregate results; displayed in the Aggregates tab of the Search page.<br/><br/>A non-aggregate query returns the number of raw results; displayed in the Messages tab of the Search page. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`,  `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
+| `{{Name}}` | The name of the alert. In the delivered payload, this variable is replaced with the Name you assigned to the alert when you created it. | &#10003; | &#10003; |
+| `{{Description}}` | The description of the alert. | &#10003; | &#10003; |
+| `{{MonitorType}}` | The type of alert, either `Logs` or `Metrics`. | &#10003; | &#10003; |
+| `{{Query}}` | The query used to run the alert. | &#10003; | &#10003; |
+| `{{QueryURL}}` | The URL to the logs or metrics query within Sumo Logic. | &#10003; | &#10003; |
+| `{{ResultsJson}}` | JSON object containing the query results that triggered the alert. A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook. | &#10003; | &#10003;<br/><br/>Not available with Email notifications |
+| `{{ResultsJson.fieldName}}` | The value of the specified field name. For example, this payload specification:<br/>`{{ResultsJson.client_ip}} had {{ResultsJson.errors}} errors`<br/><br/>Results in a subject line like this:<br/>`70.69.152.165 had 391 errors`<br/><br/>A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.<br/><br/>A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it.<br/><br/>You can return a specific result by providing an array index value in bracket notation. Such as, `{{ResultsJson.fieldName}}[0]` to return the first result.<br/><br/>**Reserved Fields**<br/>The following are reserved field names. They are generated by Sumo Logic during collection or search operations.<ul><li>_raw</li><li>Message</li><li>_messagetime</li><li>Time</li><li>_sourceHost</li><li>Host</li><li>_sourceCategory</li><li>Category</li><li>_sourceName</li><li>Name</li><li>_collector</li><li>Collector</li><li>_timeslice</li><li>_signature</li></ul> | &#10003; | &#10003; |
+| `{{NumQueryResults}}` | The number of results the query returned. Results can be raw messages, time-series, or aggregates.<br/><br/>An aggregate query returns the number of aggregate results; displayed in the Aggregates tab of the Search page.<br/><br/>A non-aggregate query returns the number of raw results; displayed in the Messages tab of the Search page. | &#10003; | &#10003; |
+| `{{Id}}` | The unique identifier of the monitor or search that triggered the alert. For example, `00000000000468D5`. | &#10003; | &#10003; |
+| `{{DetectionMethod}}` | This is the type of Detection Method used to detect alerts. Values are based on static or outlier triggers and data type, either logs or metrics. The value will be either `LogsStaticCondition`, `MetricsStaticCondition`, `LogsOutlierCondition`, `MetricsOutlierCondition`,  `LogsMissingDataCondition`, `MetricsMissingDataCondition`, or `StaticCondition` (deprecated). | &#10003; | &#10003; |
 | `{{TriggerType}}` | The status of the alert or recovery. Alert will have either `Normal`, `Critical`, `Warning`, or `Missing Data`.
-Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example:<br/>`07/13/2021 03:21:32 PM UTC to 07/13/2021 03:36:32 PM UTC` | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{TriggerTime}}` | The time the monitor was triggered. For example:<br/>`07/13/2021 03:38:30 PM UTC.` | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{TriggerCondition}}` | The condition that triggered the alert. For example:<br/>`Greater than or equal to 1.0 in the last 15 minutes` | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{TriggerValue}}` | The value that triggered the alert. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `{{AlertResponseUrl}}` | When your Monitor is triggered it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
+Recovery will have either `ResolvedCritical`, `ResolvedWarning`, or `ResolvedMissingData`. | &#10003; | ![check](/img/reuse/x.png) |
+| `{{TriggerTimeRange}}` | The time range of the query that triggered the alert. For example:<br/>`07/13/2021 03:21:32 PM UTC to 07/13/2021 03:36:32 PM UTC` | &#10003; | &#10003; |
+| `{{TriggerTime}}` | The time the monitor was triggered. For example:<br/>`07/13/2021 03:38:30 PM UTC.` | &#10003; | &#10003; |
+| `{{TriggerCondition}}` | The condition that triggered the alert. For example:<br/>`Greater than or equal to 1.0 in the last 15 minutes` | &#10003; | &#10003; |
+| `{{TriggerValue}}` | The value that triggered the alert. | &#10003; | &#10003; |
+| `{{TriggerTimeStart}}` | The start time of the time range that triggered the monitor in Unix format. For example, `1626189692042`. | &#10003; | &#10003; |
+| `{{TriggerTimeEnd}}` | The end time of the time range that triggered the monitor in Unix format. For example, `1626190592042`. | &#10003; | &#10003; |
+| `{{SourceURL}}` | The URL to the configuration or status page of the monitor in Sumo Logic. | &#10003; | ![check](/img/reuse/x.png) |
+| `{{AlertResponseUrl}}` | When your Monitor is triggered it will generate a URL and provide it as the value of this variable where you can use it to open Alert Response. | &#10003; | &#10003; |
 
 ### Examples
 
@@ -96,19 +96,19 @@ We recommend you use the new [common variables](/docs/alerts/webhook-connections
 
 | Variable | Description | Metrics Monitors | Scheduled Searches |
 | :-- | :-- | :-- | :--|
-| ` {{SearchName}}` |  | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{TimeRange}}` | The time range that triggered the alert. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. |  | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/><br/>Not available with Email notifications |
-| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. |  | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/><br/>Not available with Email notifications |
-| `{{NumRawResults}}` | Number of results returned by the search. |  | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:<br/>`{{Results.client_ip}} had {{Results.errors}} errors`<br/><br/>Results in a subject line like this:<br/>`70.69.152.165 had 391 errors`<br/><br/>A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.<br/>A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it. |  | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |
-| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `{{AlertID}}` | The ID of the triggered alert. | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `The ID of the triggered alert.` | Current status of the time series that triggered (for example, Critical or Warning). | <img src="/img/reuse/check.png" alt="green check circle.png" width="20"/> |  |
-| `{{AlertCondition}}` | The condition that triggered the alert. |  |  |
+| ` {{SearchName}}` |  | &#10003; | &#10003; |
+| `{{SearchDescription}}` | Description of the saved search or Monitor. In the delivered payload, this variable is replaced with the Name you assigned to the search or Monitor when you created it. | &#10003; | &#10003; |
+| `{{SearchQuery}}` | The query used to run the saved search. In the delivered payload, this variable is replaced by your saved search query or metric query. | &#10003; | &#10003; |
+| `{{SearchQueryUrl}}` | The URL to the search or metrics query. In the delivered payload, this is a URL that you can click to run the saved logs or metric query. | &#10003; | &#10003; |
+| `{{TimeRange}}` | The time range that triggered the alert. | &#10003; | &#10003; |
+| `{{FireTime}}` | The start time of the log search or metric query that triggered the notification. | &#10003; | &#10003; |
+| `{{AggregateResultsJson}}` | JSON object containing search aggregation results. A maximum of 200 aggregate results can be sent via webhook. | ![check](/img/reuse/x.png) | &#10003;<br/>Not available with Email notifications |
+| `{{RawResultsJson}}` | JSON object containing raw messages. A maximum of 10 raw messages can be sent via webhook. | ![check](/img/reuse/x.png) | &#10003;<br/>Not available with Email notifications |
+| `{{NumRawResults}}` | Number of results returned by the search. | ![check](/img/reuse/x.png) | &#10003; |
+| `{{Results.fieldname}}` | The value returned from the search result for the specified field. For example, this payload specification:<br/>`{{Results.client_ip}} had {{Results.errors}} errors`<br/><br/>Results in a subject line like this:<br/>`70.69.152.165 had 391 errors`<br/><br/>A maximum of 200 aggregate results or 10 raw messages for this field can be sent via webhook.<br/>A field name must match (case-insensitive) the field from your search and must be alphanumeric characters, underscores, and spaces. If you have a field name that has an unsupported character use the as operator to rename it. | ![check](/img/reuse/x.png) | &#10003; |
+| `{{AlertThreshold}}` | The condition that triggered the alert (for example, above 90 at least once in the last 5 minutes) | &#10003; | ![check](/img/reuse/x.png) |
+| `{{AlertSource}}` | The metric and sourceHost that triggered the alert, including associated tags for that metric. | &#10003; | ![check](/img/reuse/x.png) |
+| `{{AlertSource.fieldname}}` | The value returned from the AlertSource object for the specified field name. | &#10003; | ![check](/img/reuse/x.png) |
+| `{{AlertID}}` | The ID of the triggered alert. | &#10003; | ![check](/img/reuse/x.png) |
+| `The ID of the triggered alert.` | Current status of the time series that triggered (for example, Critical or Warning). | &#10003; | ![check](/img/reuse/x.png) |
+| `{{AlertCondition}}` | The condition that triggered the alert. | ![check](/img/reuse/x.png) | ![check](/img/reuse/x.png) |