I have incoming incidents from Azure, which is sending alerts in the common alert schema.
In my service, I would like to filter them based on the presence of the field, but I can’t get this working.
On the main dashboard, my incident has a body like this:
{
"rows": [
[
"2020-04-30T06:29:01.7401207Z",
"new message in some-control-error",
"customEvent",
"{\"messageId\":\"b4482789-c426-434a-ae5c-04b7b18d5fd4\",\"origin\":\"some.origin.Import\",\"destination\":\"some.destination.ProductImport\"}",
But in the event rule creation window this looks different:
{
"timestamp": "2020-04-30T06:42:27.755Z",
"summary": "some-client-prod-QueueControlError",
"source": "Application Insights",
"severity": "info",
"dedup_key": "/.*******************",
"custom_details": {
"Threshold": "0",
"SearchResults": {
"tables": [
{
"rows": [
[
"2020-04-30T06:29:01.7401207Z",
"new message in some-control-error",
"customEvent",
"{"messageId":"****************-04b7b18d5fd4","origin":"some.origin.Import","destination":"some.destination.ProductImport"}"
I would like to ignore/change incidents based on destination value.
I tried the following rules and none of them work:
When any conditions are met
custom_details.SearchResults.tables[0].rows[0][3] contains \"destination\":\"some.destination.SubmitOrder\"
When any conditions are met
custom_details.SearchResults.tables[0].rows[0][3] contains "destination":"some.destination.SubmitOrder"
When any conditions are met
custom_details.SearchResults.tables[0].rows[0][3].destination contains some.destination.SubmitOrder
When any conditions are met
custom_details.SearchResults.tables[0].rows[0][3] matches regex \"\bdestination\b\"\:\"\bsome\b\.\bdestination\b\.\bProcessOrder\b\"
How can I make this work?
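An added example, not part of the original post and not a rule-engine expression: the fourth cell of each row is itself a JSON-encoded string, so this sketch decodes it and compares `destination` exactly instead of substring-matching escaped text. The function names `destinations` and `should_ignore` are hypothetical, and the sample event is constructed from the values in the post with the truncated JSON closed.

```python
import json

# Constructed sample: the event shown in the post, closed so that it parses.
SAMPLE_EVENT = {
    "summary": "some-client-prod-QueueControlError",
    "source": "Application Insights",
    "severity": "info",
    "custom_details": {
        "Threshold": "0",
        "SearchResults": {"tables": [{"rows": [[
            "2020-04-30T06:29:01.7401207Z",
            "new message in some-control-error",
            "customEvent",
            # This cell is a string that contains JSON, not a nested object.
            json.dumps({
                "messageId": "b4482789-c426-434a-ae5c-04b7b18d5fd4",
                "origin": "some.origin.Import",
                "destination": "some.destination.ProductImport",
            }, separators=(",", ":")),
        ]]}]},
    },
}


def destinations(event):
    """Return every 'destination' found in JSON-encoded string cells."""
    found = []
    details = event.get("custom_details") or {}
    tables = (details.get("SearchResults") or {}).get("tables") or []
    for table in tables:
        for row in (table.get("rows") or []) if isinstance(table, dict) else []:
            for cell in row:
                if not isinstance(cell, str) or not cell.lstrip().startswith("{"):
                    continue  # timestamps, names and other plain cells
                try:
                    obj = json.loads(cell)
                except ValueError:
                    continue  # looked like JSON but does not parse; skip it
                if isinstance(obj, dict) and isinstance(obj.get("destination"), str):
                    found.append(obj["destination"])
    return found


def should_ignore(event, ignored):
    """True when any embedded destination is exactly one of `ignored`."""
    return any(d in ignored for d in destinations(event))
```

The backslashes seen on the dashboard exist only in the serialized form of the event; the decoded cell holds plain quotes, which is why the two views in the post differ.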