You can think of a preset like a “Slack Channel” for your alerts - a logical container to follow only alerts that matter for you.
How It Works
- CEL Expression Creation: Users craft CEL expressions that define the filtering criteria for alerts.
- Preset Definition: These expressions can be saved as presets for easy application to different alert streams.
- Alert Filtering: When applied, the CEL expressions evaluate each alert against the defined criteria, filtering the alert stream in real-time.
Creating a CEL Expression
There are two ways of creating a CEL expression in KeepManually creating CEL query
Use the CEL Language Definition documentation to better understand the capabilities of the Common Expression Language This is an example of how to query all the alerts that came fromSentry
'' instead of ""):
Importing from an SQL query
- Click on the “Import from SQL” button
- Write/Paste your SQL query and hit the “Convert to CEL” button
Save Presets
You can save your CEL queries into aPreset using the “Save current filter as a view” button
Preset and configure whether it is “Private” (only the creating user will see this Preset) or account-wide available.
Preset will then be created and available for you to quickly navigate and used
Practical Example
For instance, a user could create a CEL expression to filter alerts by severity and source, such asseverity == 'critical' && service.contains('database'), ensuring only critical alerts from database services are displayed.
Best Practices
- Specificity in Expressions: Craft expressions that precisely target the desired alerts to avoid filtering out relevant alerts.
- Presets Management: Regularly review and update your presets to align with evolving alerting needs.
- Testing Expressions: Before applying, test CEL expressions to ensure they correctly filter the desired alerts.