Versions Supported: Full-Stack
VictorOps Version Required: N/A SaaS
The matching condition will determine when this rule should be applied. You can choose any field that exists within the payload of an alert and match on a specific value for that field using a direct match or wildcard matching.
When viewing an incident in the timeline, field names are on the left and values are on the right:
In the above example, the field of interest is the entity_id field and the value that matters is the phrase “This is a test”. The matching condition, therefore, is the following (wildcard matching used in this example, hence the “*” asterisks).
Rules can match on an alert field value using a simplified wildcard syntax to match some or all of the string. The asterisk “*” character matches 0 or more characters and the “?” character matches exactly one character. They can be used anywhere in the match pattern, as many times as needed.
|Phrase||Matches||Does Not Match|
AND / OR Logic
OR logic can be achieved by simply replicating a rule with a different matching condition.
Using a set of sequential rules, when ordered correctly, can achieve basic AND logic in the Transmogrifier. As with scope limiting rules, the first rule must create a new field which can be acted upon by a subsequent rule.
AND Logic Example
Let’s say you want to catch the phrase “disk space” from the entity_id field AND the name “stage-db-26” from the host_name field to convert these alerts to INFO events only when both these conditions are met.
The matching condition for the first rule will catch the first desired phrase and use variable expansion to import the value of the second field into a newly declared field.
The matching condition for the second rule (MUST BE POSITIONED BELOW THE FIRST RULE!) checks the newly declared field for the value “stage-db-26” and takes the appropriate action.