How to create an ignore event rule if one of the additionalinfo field is not present

gaurav4sn · ‎07-27-2023

We have different additional info payload. There are some mandatory payload (eg: namespace). We need to create an ignore rule if particular field "namespace" does not appear

Additional info payload :

{"assetid":"","routingrp":"","classification":"IT","namespace":"apache/metrics"}

Rahul Priyadars · ‎07-31-2023

Hi Gaurav

U can write an event matching rule and then Ignore Those events . Keep the ORDER Value is Very Lower Values.

Regards

RP

gaurav4sn · ‎09-17-2023

We need to ignore if "namespace" field does not appear in additional info.

ignore rule is says if any specific field does/doesnot have some value.

eg:

if below data appear in additional field it should not be ignored and create alert

{"assetid":"","routingrp":"","classification":"IT","namespace":"apache/metrics"}

if below data appear in additional field it should be ignored and do not create alert

{"assetid":"","routingrp":"","classification":"IT"}

Sandeep104 · ‎08-13-2024

have you found a way to achieve this?

ersureshbe · ‎08-14-2024

Hi, I hope below screenshot supports you.

Regards,
Suresh.