logzio.AlertV2
Create AlertV2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AlertV2(name: string, args: AlertV2Args, opts?: CustomResourceOptions);
@overload
def AlertV2(resource_name: str,
args: AlertV2Args,
opts: Optional[ResourceOptions] = None)
@overload
def AlertV2(resource_name: str,
opts: Optional[ResourceOptions] = None,
search_timeframe_minutes: Optional[float] = None,
title: Optional[str] = None,
sub_components: Optional[Sequence[AlertV2SubComponentArgs]] = None,
notification_emails: Optional[Sequence[str]] = None,
is_enabled: Optional[bool] = None,
joins: Optional[Sequence[Mapping[str, str]]] = None,
alert_notification_endpoints: Optional[Sequence[float]] = None,
output_type: Optional[str] = None,
schedule_cron_expression: Optional[str] = None,
schedule_timezone: Optional[str] = None,
description: Optional[str] = None,
correlation_operator: Optional[str] = None,
suppress_notifications_minutes: Optional[float] = None,
tags: Optional[Sequence[str]] = None,
alert_v2_id: Optional[str] = None)
func NewAlertV2(ctx *Context, name string, args AlertV2Args, opts ...ResourceOption) (*AlertV2, error)
public AlertV2(string name, AlertV2Args args, CustomResourceOptions? opts = null)
public AlertV2(String name, AlertV2Args args)
public AlertV2(String name, AlertV2Args args, CustomResourceOptions options)
type: logzio:AlertV2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AlertV2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertV2Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertV2Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertV2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertV2Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every value is a placeholder ("string", 0, false), not a
// working alert definition.

// One severity tier: a severity label and the threshold that triggers it.
var severityTier = new Logzio.Inputs.AlertV2SubComponentSeverityThresholdTierArgs
{
    Severity = "string",
    Threshold = 0,
};

// FieldName selects a field that is included in the notification, so leave out
// fields that may carry secrets or personal data.
var notificationColumn = new Logzio.Inputs.AlertV2SubComponentColumnArgs
{
    FieldName = "string",
    Regex = "string",
    Sort = "string", // documented values: "DESC", "ASC"
};

var subComponent = new Logzio.Inputs.AlertV2SubComponentArgs
{
    // Lucene query; documented as non-null, with "*" meaning "no search query".
    QueryString = "string",
    SeverityThresholdTiers = new[]
    {
        severityTier,
    },
    // Documented values: "SUM", "MIN", "MAX", "AVG", "COUNT", "UNIQUE_COUNT", "NONE".
    ValueAggregationType = "string",
    AccountIdsToQueryOns = new[]
    {
        0,
    },
    Columns = new[]
    {
        notificationColumn,
    },
    FilterMust = "string",
    FilterMustNot = "string",
    GroupByAggregationFields = new[]
    {
        "string",
    },
    // Documented values: "LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
    // "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS".
    Operation = "string",
    // Documented default is true (main account plus all searchable sub accounts);
    // with false, the monitored accounts come from AccountIdsToQueryOns.
    ShouldQueryOnAllAccounts = false,
    ValueAggregationField = "string",
};

var alertV2Resource = new Logzio.AlertV2("alertV2Resource", new()
{
    SearchTimeframeMinutes = 0,
    Title = "string",
    SubComponents = new[]
    {
        subComponent,
    },
    NotificationEmails = new[]
    {
        "string",
    },
    // NOTE(review): placeholder is false; presumably the alert does not run until
    // this is true - confirm against the provider docs.
    IsEnabled = false,
    // NOTE(review): this nested initializer names no element type; confirm it
    // compiles against the SDK before copying it.
    Joins = new[]
    {
        {
            { "string", "string" },
        },
    },
    AlertNotificationEndpoints = new[]
    {
        0,
    },
    OutputType = "string",
    ScheduleCronExpression = "string",
    ScheduleTimezone = "string",
    Description = "string",
    CorrelationOperator = "string",
    // NOTE(review): judging by the name, a large value here mutes repeat
    // notifications for that many minutes - confirm before relying on it.
    SuppressNotificationsMinutes = 0,
    Tags = new[]
    {
        "string",
    },
    AlertV2Id = "string",
});
// Reference example: every value is a placeholder ("string", 0, false), not a
// working alert definition.

// One severity tier: a severity label and the threshold that triggers it.
severityTier := &logzio.AlertV2SubComponentSeverityThresholdTierArgs{
	Severity:  pulumi.String("string"),
	Threshold: pulumi.Float64(0),
}

// FieldName selects a field that is included in the notification, so leave out
// fields that may carry secrets or personal data.
notificationColumn := &logzio.AlertV2SubComponentColumnArgs{
	FieldName: pulumi.String("string"),
	Regex:     pulumi.String("string"),
	Sort:      pulumi.String("string"), // documented values: "DESC", "ASC"
}

subComponent := &logzio.AlertV2SubComponentArgs{
	// Lucene query; documented as non-null, with "*" meaning "no search query".
	QueryString: pulumi.String("string"),
	SeverityThresholdTiers: logzio.AlertV2SubComponentSeverityThresholdTierArray{
		severityTier,
	},
	// Documented values: "SUM", "MIN", "MAX", "AVG", "COUNT", "UNIQUE_COUNT", "NONE".
	ValueAggregationType: pulumi.String("string"),
	AccountIdsToQueryOns: pulumi.Float64Array{
		pulumi.Float64(0),
	},
	Columns: logzio.AlertV2SubComponentColumnArray{
		notificationColumn,
	},
	FilterMust:    pulumi.String("string"),
	FilterMustNot: pulumi.String("string"),
	GroupByAggregationFields: pulumi.StringArray{
		pulumi.String("string"),
	},
	// Documented values: "LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
	// "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS".
	Operation: pulumi.String("string"),
	// Documented default is true (main account plus all searchable sub accounts);
	// with false, the monitored accounts come from AccountIdsToQueryOns.
	ShouldQueryOnAllAccounts: pulumi.Bool(false),
	ValueAggregationField:    pulumi.String("string"),
}

example, err := logzio.NewAlertV2(ctx, "alertV2Resource", &logzio.AlertV2Args{
	SearchTimeframeMinutes: pulumi.Float64(0),
	Title:                  pulumi.String("string"),
	SubComponents: logzio.AlertV2SubComponentArray{
		subComponent,
	},
	NotificationEmails: pulumi.StringArray{
		pulumi.String("string"),
	},
	// NOTE(review): placeholder is false; presumably the alert does not run until
	// this is true - confirm against the provider docs.
	IsEnabled: pulumi.Bool(false),
	Joins: pulumi.StringMapArray{
		pulumi.StringMap{
			"string": pulumi.String("string"),
		},
	},
	AlertNotificationEndpoints: pulumi.Float64Array{
		pulumi.Float64(0),
	},
	OutputType:             pulumi.String("string"),
	ScheduleCronExpression: pulumi.String("string"),
	ScheduleTimezone:       pulumi.String("string"),
	Description:            pulumi.String("string"),
	CorrelationOperator:    pulumi.String("string"),
	// NOTE(review): judging by the name, a large value here mutes repeat
	// notifications for that many minutes - confirm before relying on it.
	SuppressNotificationsMinutes: pulumi.Float64(0),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	AlertV2Id: pulumi.String("string"),
})
// NOTE(review): err is not checked in this excerpt; handle it before using example.
// Reference example: every value is a placeholder ("string", 0, false), not a
// working alert definition.

// One severity tier: a severity label and the threshold that triggers it.
var severityTier = AlertV2SubComponentSeverityThresholdTierArgs.builder()
    .severity("string")
    .threshold(0)
    .build();

// fieldName selects a field that is included in the notification, so leave out
// fields that may carry secrets or personal data.
var notificationColumn = AlertV2SubComponentColumnArgs.builder()
    .fieldName("string")
    .regex("string")
    .sort("string") // documented values: "DESC", "ASC"
    .build();

var subComponent = AlertV2SubComponentArgs.builder()
    // Lucene query; documented as non-null, with "*" meaning "no search query".
    .queryString("string")
    .severityThresholdTiers(severityTier)
    // Documented values: "SUM", "MIN", "MAX", "AVG", "COUNT", "UNIQUE_COUNT", "NONE".
    .valueAggregationType("string")
    .accountIdsToQueryOns(0)
    .columns(notificationColumn)
    .filterMust("string")
    .filterMustNot("string")
    .groupByAggregationFields("string")
    // Documented values: "LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
    // "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS".
    .operation("string")
    // Documented default is true (main account plus all searchable sub accounts);
    // with false, the monitored accounts come from accountIdsToQueryOns.
    .shouldQueryOnAllAccounts(false)
    .valueAggregationField("string")
    .build();

var alertV2Args = AlertV2Args.builder()
    .searchTimeframeMinutes(0)
    .title("string")
    .subComponents(subComponent)
    .notificationEmails("string")
    // NOTE(review): placeholder is false; presumably the alert does not run until
    // this is true - confirm against the provider docs.
    .isEnabled(false)
    .joins(Map.of("string", "string"))
    .alertNotificationEndpoints(0)
    .outputType("string")
    .scheduleCronExpression("string")
    .scheduleTimezone("string")
    .description("string")
    .correlationOperator("string")
    // NOTE(review): judging by the name, a large value here mutes repeat
    // notifications for that many minutes - confirm before relying on it.
    .suppressNotificationsMinutes(0)
    .tags("string")
    .alertV2Id("string")
    .build();

var alertV2Resource = new AlertV2("alertV2Resource", alertV2Args);
# Reference example: every value is a placeholder ("string", 0, False), not a
# working alert definition.

# One severity tier: a severity label and the threshold that triggers it.
severity_tier = {
    "severity": "string",
    "threshold": 0,
}

# field_name selects a field that is included in the notification, so leave out
# fields that may carry secrets or personal data.
notification_column = {
    "field_name": "string",
    "regex": "string",
    "sort": "string",  # documented values: "DESC", "ASC"
}

sub_component = {
    # Lucene query; documented as non-null, with "*" meaning "no search query".
    "query_string": "string",
    "severity_threshold_tiers": [severity_tier],
    # Documented values: "SUM", "MIN", "MAX", "AVG", "COUNT", "UNIQUE_COUNT", "NONE".
    "value_aggregation_type": "string",
    "account_ids_to_query_ons": [0],
    "columns": [notification_column],
    "filter_must": "string",
    "filter_must_not": "string",
    "group_by_aggregation_fields": ["string"],
    # Documented values: "LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
    # "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS".
    "operation": "string",
    # Documented default is true (main account plus all searchable sub accounts);
    # with False, the monitored accounts come from account_ids_to_query_ons.
    "should_query_on_all_accounts": False,
    "value_aggregation_field": "string",
}

alert_v2_resource = logzio.AlertV2(
    "alertV2Resource",
    search_timeframe_minutes=0,
    title="string",
    sub_components=[sub_component],
    notification_emails=["string"],
    # NOTE(review): placeholder is False; presumably the alert does not run until
    # this is True - confirm against the provider docs.
    is_enabled=False,
    joins=[{
        "string": "string",
    }],
    alert_notification_endpoints=[0],
    output_type="string",
    schedule_cron_expression="string",
    schedule_timezone="string",
    description="string",
    correlation_operator="string",
    # NOTE(review): judging by the name, a large value here mutes repeat
    # notifications for that many minutes - confirm before relying on it.
    suppress_notifications_minutes=0,
    tags=["string"],
    alert_v2_id="string",
)
// Reference example: every value is a placeholder ("string", 0, false), not a
// working alert definition.

// One severity tier: a severity label and the threshold that triggers it.
const severityTier = {
    severity: "string",
    threshold: 0,
};

// fieldName selects a field that is included in the notification, so leave out
// fields that may carry secrets or personal data.
const notificationColumn = {
    fieldName: "string",
    regex: "string",
    sort: "string", // documented values: "DESC", "ASC"
};

const subComponent = {
    // Lucene query; documented as non-null, with "*" meaning "no search query".
    queryString: "string",
    severityThresholdTiers: [severityTier],
    // Documented values: "SUM", "MIN", "MAX", "AVG", "COUNT", "UNIQUE_COUNT", "NONE".
    valueAggregationType: "string",
    accountIdsToQueryOns: [0],
    columns: [notificationColumn],
    filterMust: "string",
    filterMustNot: "string",
    groupByAggregationFields: ["string"],
    // Documented values: "LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
    // "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS".
    operation: "string",
    // Documented default is true (main account plus all searchable sub accounts);
    // with false, the monitored accounts come from accountIdsToQueryOns.
    shouldQueryOnAllAccounts: false,
    valueAggregationField: "string",
};

const alertV2Resource = new logzio.AlertV2("alertV2Resource", {
    searchTimeframeMinutes: 0,
    title: "string",
    subComponents: [subComponent],
    notificationEmails: ["string"],
    // NOTE(review): placeholder is false; presumably the alert does not run until
    // this is true - confirm against the provider docs.
    isEnabled: false,
    joins: [{
        string: "string",
    }],
    alertNotificationEndpoints: [0],
    outputType: "string",
    scheduleCronExpression: "string",
    scheduleTimezone: "string",
    description: "string",
    correlationOperator: "string",
    // NOTE(review): judging by the name, a large value here mutes repeat
    // notifications for that many minutes - confirm before relying on it.
    suppressNotificationsMinutes: 0,
    tags: ["string"],
    alertV2Id: "string",
});
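# Reference example: every value is a placeholder, not a working alert definition.
# Nesting restored from the flattened listing; it mirrors the other language examples.
type: logzio:AlertV2
properties:
    alertNotificationEndpoints:
        - 0
    alertV2Id: string
    correlationOperator: string
    description: string
    # NOTE(review): placeholder is false; presumably the alert does not run until
    # this is true - confirm against the provider docs.
    isEnabled: false
    joins:
        - string: string
    notificationEmails:
        - string
    outputType: string
    scheduleCronExpression: string
    scheduleTimezone: string
    searchTimeframeMinutes: 0
    subComponents:
        - accountIdsToQueryOns:
            - 0
          columns:
            # fieldName selects a field that is included in the notification, so
            # leave out fields that may carry secrets or personal data.
            - fieldName: string
              regex: string
              sort: string # documented values: "DESC", "ASC"
          filterMust: string
          filterMustNot: string
          groupByAggregationFields:
            - string
          # Documented values: "LESS_THAN", "GREATER_THAN", "LESS_THAN_OR_EQUALS",
          # "GREATER_THAN_OR_EQUALS", "EQUALS", "NOT_EQUALS".
          operation: string
          # Lucene query; documented as non-null, with "*" meaning "no search query".
          queryString: string
          severityThresholdTiers:
            - severity: string
              threshold: 0
          # Documented default is true (main account plus all searchable sub
          # accounts); with false, list the monitored accounts in accountIdsToQueryOns.
          shouldQueryOnAllAccounts: false
          valueAggregationField: string
          # Documented values: "SUM", "MIN", "MAX", "AVG", "COUNT", "UNIQUE_COUNT", "NONE".
          valueAggregationType: string
    # NOTE(review): judging by the name, a large value here mutes repeat
    # notifications for that many minutes - confirm before relying on it.
    suppressNotificationsMinutes: 0
    tags:
        - string
    title: string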
AlertV2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AlertV2 resource accepts the following input properties:
- SearchTimeframeMinutes double
- SubComponents List<AlertV2SubComponent>
- Title string
- AlertNotificationEndpoints List<double>
- AlertV2Id string
- CorrelationOperator string
- Description string
- IsEnabled bool
- Joins List<ImmutableDictionary<string, string>>
- NotificationEmails List<string>
- OutputType string
- ScheduleCronExpression string
- ScheduleTimezone string
- SuppressNotificationsMinutes double
- Tags List<string>
- SearchTimeframeMinutes float64
- SubComponents []AlertV2SubComponentArgs
- Title string
- AlertNotificationEndpoints []float64
- AlertV2Id string
- CorrelationOperator string
- Description string
- IsEnabled bool
- Joins []map[string]string
- NotificationEmails []string
- OutputType string
- ScheduleCronExpression string
- ScheduleTimezone string
- SuppressNotificationsMinutes float64
- Tags []string
- searchTimeframeMinutes Double
- subComponents List<AlertV2SubComponent>
- title String
- alertNotificationEndpoints List<Double>
- alertV2Id String
- correlationOperator String
- description String
- isEnabled Boolean
- joins List<Map<String,String>>
- notificationEmails List<String>
- outputType String
- scheduleCronExpression String
- scheduleTimezone String
- suppressNotificationsMinutes Double
- tags List<String>
- searchTimeframeMinutes number
- subComponents AlertV2SubComponent[]
- title string
- alertNotificationEndpoints number[]
- alertV2Id string
- correlationOperator string
- description string
- isEnabled boolean
- joins {[key: string]: string}[]
- notificationEmails string[]
- outputType string
- scheduleCronExpression string
- scheduleTimezone string
- suppressNotificationsMinutes number
- tags string[]
- search_timeframe_minutes float
- sub_components Sequence[AlertV2SubComponentArgs]
- title str
- alert_notification_endpoints Sequence[float]
- alert_v2_id str
- correlation_operator str
- description str
- is_enabled bool
- joins Sequence[Mapping[str, str]]
- notification_emails Sequence[str]
- output_type str
- schedule_cron_expression str
- schedule_timezone str
- suppress_notifications_minutes float
- tags Sequence[str]
- searchTimeframeMinutes Number
- subComponents List<Property Map>
- title String
- alertNotificationEndpoints List<Number>
- alertV2Id String
- correlationOperator String
- description String
- isEnabled Boolean
- joins List<Map<String>>
- notificationEmails List<String>
- outputType String
- scheduleCronExpression String
- scheduleTimezone String
- suppressNotificationsMinutes Number
- tags List<String>
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertV2 resource produces the following output properties:
- created_at str
- created_by str
- id str
- The provider-assigned unique ID for this managed resource.
- updated_at str
- updated_by str
Look up Existing AlertV2 Resource
Get an existing AlertV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AlertV2State, opts?: CustomResourceOptions): AlertV2
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_notification_endpoints: Optional[Sequence[float]] = None,
alert_v2_id: Optional[str] = None,
correlation_operator: Optional[str] = None,
created_at: Optional[str] = None,
created_by: Optional[str] = None,
description: Optional[str] = None,
is_enabled: Optional[bool] = None,
joins: Optional[Sequence[Mapping[str, str]]] = None,
notification_emails: Optional[Sequence[str]] = None,
output_type: Optional[str] = None,
schedule_cron_expression: Optional[str] = None,
schedule_timezone: Optional[str] = None,
search_timeframe_minutes: Optional[float] = None,
sub_components: Optional[Sequence[AlertV2SubComponentArgs]] = None,
suppress_notifications_minutes: Optional[float] = None,
tags: Optional[Sequence[str]] = None,
title: Optional[str] = None,
updated_at: Optional[str] = None,
updated_by: Optional[str] = None) -> AlertV2
func GetAlertV2(ctx *Context, name string, id IDInput, state *AlertV2State, opts ...ResourceOption) (*AlertV2, error)
public static AlertV2 Get(string name, Input<string> id, AlertV2State? state, CustomResourceOptions? opts = null)
public static AlertV2 get(String name, Output<String> id, AlertV2State state, CustomResourceOptions options)
resources:
  _:
    type: logzio:AlertV2
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AlertNotificationEndpoints List<double>
- AlertV2Id string
- CorrelationOperator string
- CreatedAt string
- CreatedBy string
- Description string
- IsEnabled bool
- Joins List<ImmutableDictionary<string, string>>
- NotificationEmails List<string>
- OutputType string
- ScheduleCronExpression string
- ScheduleTimezone string
- SearchTimeframeMinutes double
- SubComponents List<AlertV2SubComponent>
- SuppressNotificationsMinutes double
- Tags List<string>
- Title string
- UpdatedAt string
- UpdatedBy string
- AlertNotificationEndpoints []float64
- AlertV2Id string
- CorrelationOperator string
- CreatedAt string
- CreatedBy string
- Description string
- IsEnabled bool
- Joins []map[string]string
- NotificationEmails []string
- OutputType string
- ScheduleCronExpression string
- ScheduleTimezone string
- SearchTimeframeMinutes float64
- SubComponents []AlertV2SubComponentArgs
- SuppressNotificationsMinutes float64
- Tags []string
- Title string
- UpdatedAt string
- UpdatedBy string
- alertNotificationEndpoints List<Double>
- alertV2Id String
- correlationOperator String
- createdAt String
- createdBy String
- description String
- isEnabled Boolean
- joins List<Map<String,String>>
- notificationEmails List<String>
- outputType String
- scheduleCronExpression String
- scheduleTimezone String
- searchTimeframeMinutes Double
- subComponents List<AlertV2SubComponent>
- suppressNotificationsMinutes Double
- tags List<String>
- title String
- updatedAt String
- updatedBy String
- alertNotificationEndpoints number[]
- alertV2Id string
- correlationOperator string
- createdAt string
- createdBy string
- description string
- isEnabled boolean
- joins {[key: string]: string}[]
- notificationEmails string[]
- outputType string
- scheduleCronExpression string
- scheduleTimezone string
- searchTimeframeMinutes number
- subComponents AlertV2SubComponent[]
- suppressNotificationsMinutes number
- tags string[]
- title string
- updatedAt string
- updatedBy string
- alert_notification_endpoints Sequence[float]
- alert_v2_id str
- correlation_operator str
- created_at str
- created_by str
- description str
- is_enabled bool
- joins Sequence[Mapping[str, str]]
- notification_emails Sequence[str]
- output_type str
- schedule_cron_expression str
- schedule_timezone str
- search_timeframe_minutes float
- sub_components Sequence[AlertV2SubComponentArgs]
- suppress_notifications_minutes float
- tags Sequence[str]
- title str
- updated_at str
- updated_by str
- alertNotificationEndpoints List<Number>
- alertV2Id String
- correlationOperator String
- createdAt String
- createdBy String
- description String
- isEnabled Boolean
- joins List<Map<String>>
- notificationEmails List<String>
- outputType String
- scheduleCronExpression String
- scheduleTimezone String
- searchTimeframeMinutes Number
- subComponents List<Property Map>
- suppressNotificationsMinutes Number
- tags List<String>
- title String
- updatedAt String
- updatedBy String
Supporting Types
AlertV2SubComponent, AlertV2SubComponentArgs
- QueryString string
- Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs. Cannot be null - send an asterisk wildcard `"*"` if not using a search query.
- SeverityThresholdTiers List<AlertV2SubComponentSeverityThresholdTier>
- Sets a severity label per trigger threshold. If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per enum are allowed (for a total of 5 thresholds of increasing severities). Increasing severity must adhere to the logic of the operator. See below for nested schema.
- ValueAggregationType string
- Specifies the aggregation operator. Can be: `"SUM"`, `"MIN"`, `"MAX"`, `"AVG"`, `"COUNT"`, `"UNIQUE_COUNT"`, `"NONE"`. If `"COUNT"` or `"NONE"`, `value_aggregation_field` must be null, and `group_by_aggregation_fields` fields must not be empty. If any other operator type (other than `"NONE"` or `"COUNT"`), `value_aggregation_field` must not be null.
- AccountIdsToQueryOns List<double>
- Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
- Columns List<AlertV2SubComponentColumn>
- See below for nested schema.
- FilterMust string
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- FilterMustNot string
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- GroupByAggregationFields List<string>
- Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
- Operation string
- Specifies the operator for evaluating the results. Can be: `"LESS_THAN"`, `"GREATER_THAN"`, `"LESS_THAN_OR_EQUALS"`, `"GREATER_THAN_OR_EQUALS"`, `"EQUALS"`, `"NOT_EQUALS"`.
- ShouldQueryOnAllAccounts bool
- Defaults to true. Only applicable when the alert is run from the main account. If true, the alert runs on the main account and all associated searchable sub accounts. If false, specify relevant account IDs for the alert to monitor using the `account_ids_to_query_on` field.
- ValueAggregationField string
- Selects the field on which to run the aggregation for the trigger condition. Cannot be a field already in use for `group_by_aggregation_fields`.
- QueryString string
- Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs. Cannot be null - send an asterisk wildcard `"*"` if not using a search query.
- SeverityThresholdTiers []AlertV2SubComponentSeverityThresholdTier
- Sets a severity label per trigger threshold. If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per enum are allowed (for a total of 5 thresholds of increasing severities). Increasing severity must adhere to the logic of the operator. See below for nested schema.
- ValueAggregationType string
- Specifies the aggregation operator. Can be: `"SUM"`, `"MIN"`, `"MAX"`, `"AVG"`, `"COUNT"`, `"UNIQUE_COUNT"`, `"NONE"`. If `"COUNT"` or `"NONE"`, `value_aggregation_field` must be null, and `group_by_aggregation_fields` fields must not be empty. If any other operator type (other than `"NONE"` or `"COUNT"`), `value_aggregation_field` must not be null.
- AccountIdsToQueryOns []float64
- Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
- Columns []AlertV2SubComponentColumn
- See below for nested schema.
- FilterMust string
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- FilterMustNot string
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- GroupByAggregationFields []string
- Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
- Operation string
- Specifies the operator for evaluating the results. Can be: `"LESS_THAN"`, `"GREATER_THAN"`, `"LESS_THAN_OR_EQUALS"`, `"GREATER_THAN_OR_EQUALS"`, `"EQUALS"`, `"NOT_EQUALS"`.
- ShouldQueryOnAllAccounts bool
- Defaults to true. Only applicable when the alert is run from the main account. If true, the alert runs on the main account and all associated searchable sub accounts. If false, specify relevant account IDs for the alert to monitor using the `account_ids_to_query_on` field.
- ValueAggregationField string
- Selects the field on which to run the aggregation for the trigger condition. Cannot be a field already in use for `group_by_aggregation_fields`.
- queryString String
- Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs. Cannot be null - send an asterisk wildcard `"*"` if not using a search query.
- severityThresholdTiers List<AlertV2SubComponentSeverityThresholdTier>
- Sets a severity label per trigger threshold. If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per enum are allowed (for a total of 5 thresholds of increasing severities). Increasing severity must adhere to the logic of the operator. See below for nested schema.
- valueAggregationType String
- Specifies the aggregation operator. Can be: `"SUM"`, `"MIN"`, `"MAX"`, `"AVG"`, `"COUNT"`, `"UNIQUE_COUNT"`, `"NONE"`. If `"COUNT"` or `"NONE"`, `value_aggregation_field` must be null, and `group_by_aggregation_fields` fields must not be empty. If any other operator type (other than `"NONE"` or `"COUNT"`), `value_aggregation_field` must not be null.
- accountIdsToQueryOns List<Double>
- Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
- columns List<AlertV2SubComponentColumn>
- See below for nested schema.
- filterMust String
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- filterMustNot String
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- groupByAggregationFields List<String>
- Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
- operation String
- Specifies the operator for evaluating the results. Can be: `"LESS_THAN"`, `"GREATER_THAN"`, `"LESS_THAN_OR_EQUALS"`, `"GREATER_THAN_OR_EQUALS"`, `"EQUALS"`, `"NOT_EQUALS"`.
- shouldQueryOnAllAccounts Boolean
- Defaults to true. Only applicable when the alert is run from the main account. If true, the alert runs on the main account and all associated searchable sub accounts. If false, specify relevant account IDs for the alert to monitor using the `account_ids_to_query_on` field.
- valueAggregationField String
- Selects the field on which to run the aggregation for the trigger condition. Cannot be a field already in use for `group_by_aggregation_fields`.
- queryString string
- Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs. Cannot be null - send an asterisk wildcard `"*"` if not using a search query.
- severityThresholdTiers AlertV2SubComponentSeverityThresholdTier[]
- Sets a severity label per trigger threshold. If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per enum are allowed (for a total of 5 thresholds of increasing severities). Increasing severity must adhere to the logic of the operator. See below for nested schema.
- valueAggregationType string
- Specifies the aggregation operator. Can be: `"SUM"`, `"MIN"`, `"MAX"`, `"AVG"`, `"COUNT"`, `"UNIQUE_COUNT"`, `"NONE"`. If `"COUNT"` or `"NONE"`, `value_aggregation_field` must be null, and `group_by_aggregation_fields` fields must not be empty. If any other operator type (other than `"NONE"` or `"COUNT"`), `value_aggregation_field` must not be null.
- accountIdsToQueryOns number[]
- Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
- columns AlertV2SubComponentColumn[]
- See below for nested schema.
- filterMust string
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- filterMustNot string
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- groupByAggregationFields string[]
- Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
- operation string
- Specifies the operator for evaluating the results. Can be: `"LESS_THAN"`, `"GREATER_THAN"`, `"LESS_THAN_OR_EQUALS"`, `"GREATER_THAN_OR_EQUALS"`, `"EQUALS"`, `"NOT_EQUALS"`.
- shouldQueryOnAllAccounts boolean
- Defaults to true. Only applicable when the alert is run from the main account. If true, the alert runs on the main account and all associated searchable sub accounts. If false, specify relevant account IDs for the alert to monitor using the `account_ids_to_query_on` field.
- valueAggregationField string
- Selects the field on which to run the aggregation for the trigger condition. Cannot be a field already in use for `group_by_aggregation_fields`.
- query_string str
- Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs. Cannot be null - send an asterisk wildcard `"*"` if not using a search query.
- severity_threshold_tiers Sequence[AlertV2SubComponentSeverityThresholdTier]
- Sets a severity label per trigger threshold. If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per enum are allowed (for a total of 5 thresholds of increasing severities). Increasing severity must adhere to the logic of the operator. See below for nested schema.
- value_aggregation_type str
- Specifies the aggregation operator. Can be: `"SUM"`, `"MIN"`, `"MAX"`, `"AVG"`, `"COUNT"`, `"UNIQUE_COUNT"`, `"NONE"`. If `"COUNT"` or `"NONE"`, `value_aggregation_field` must be null, and `group_by_aggregation_fields` fields must not be empty. If any other operator type (other than `"NONE"` or `"COUNT"`), `value_aggregation_field` must not be null.
- account_ids_to_query_ons Sequence[float]
- Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
- columns Sequence[AlertV2SubComponentColumn]
- See below for nested schema.
- filter_must str
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- filter_must_not str
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- group_by_aggregation_fields Sequence[str]
- Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
- operation str
- Specifies the operator for evaluating the results. Can be: `"LESS_THAN"`, `"GREATER_THAN"`, `"LESS_THAN_OR_EQUALS"`, `"GREATER_THAN_OR_EQUALS"`, `"EQUALS"`, `"NOT_EQUALS"`.
- should_query_on_all_accounts bool
- Defaults to true. Only applicable when the alert is run from the main account. If true, the alert runs on the main account and all associated searchable sub accounts. If false, specify relevant account IDs for the alert to monitor using the `account_ids_to_query_on` field.
- value_aggregation_field str
- Selects the field on which to run the aggregation for the trigger condition. Cannot be a field already in use for `group_by_aggregation_fields`.
- queryString String
- Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs. Cannot be null - send an asterisk wildcard `"*"` if not using a search query.
- severityThresholdTiers List<Property Map>
- Sets a severity label per trigger threshold. If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per enum are allowed (for a total of 5 thresholds of increasing severities). Increasing severity must adhere to the logic of the operator. See below for nested schema.
- valueAggregationType String
- Specifies the aggregation operator. Can be: `"SUM"`, `"MIN"`, `"MAX"`, `"AVG"`, `"COUNT"`, `"UNIQUE_COUNT"`, `"NONE"`. If `"COUNT"` or `"NONE"`, `value_aggregation_field` must be null, and `group_by_aggregation_fields` fields must not be empty. If any other operator type (other than `"NONE"` or `"COUNT"`), `value_aggregation_field` must not be null.
- accountIdsToQueryOns List<Number>
- Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
- columns List<Property Map>
- See below for nested schema.
- filterMust String
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- filterMustNot String
- Runs Elasticsearch Bool Query filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
- groupByAggregationFields List<String>
- Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
- operation String
- Specifies the operator for evaluating the results. Can be: `"LESS_THAN"`, `"GREATER_THAN"`, `"LESS_THAN_OR_EQUALS"`, `"GREATER_THAN_OR_EQUALS"`, `"EQUALS"`, `"NOT_EQUALS"`.
- shouldQueryOnAllAccounts Boolean
- Defaults to true. Only applicable when the alert is run from the main account. If true, the alert runs on the main account and all associated searchable sub accounts. If false, specify relevant account IDs for the alert to monitor using the `account_ids_to_query_on` field.
- valueAggregationField String
- Selects the field on which to run the aggregation for the trigger condition. Cannot be a field already in use for `group_by_aggregation_fields`.
AlertV2SubComponentColumn, AlertV2SubComponentColumnArgs
- FieldName string
- Specify the fields to be included in the notification.
- Regex string
- Trims the data using regex filters. Learn more.
- Sort string
- Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field). Should be: `"DESC"`, `"ASC"`.
- FieldName string
- Specify the fields to be included in the notification.
- Regex string
- Trims the data using regex filters. Learn more.
- Sort string
- Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field). Should be: `"DESC"`, `"ASC"`.
- fieldName String
- Specify the fields to be included in the notification.
- regex String
- Trims the data using regex filters. Learn more.
- sort String
- Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field). Should be: `"DESC"`, `"ASC"`.
- fieldName string
- Specify the fields to be included in the notification.
- regex string
- Trims the data using regex filters. Learn more.
- sort string
- Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field). Should be: `"DESC"`, `"ASC"`.
- field_name str
- Specify the fields to be included in the notification.
- regex str
- Trims the data using regex filters. Learn more.
- sort str
- Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field). Should be: `"DESC"`, `"ASC"`.
- fieldName String
- Specify the fields to be included in the notification.
- regex String
- Trims the data using regex filters. Learn more.
- sort String
- Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field). Should be: `"DESC"`, `"ASC"`.
AlertV2SubComponentSeverityThresholdTier, AlertV2SubComponentSeverityThresholdTierArgs
Package Details
- Repository
- logzio logzio/terraform-provider-logzio
- License
- Notes
- This Pulumi package is based on the
logzio
Terraform Provider.