After you’ve created some Alerts, you may want to make some changes to them, changes you did not anticipate originally. You may want to rename them, duplicate and modify them, or just disable or delete some. You can find any Alerts you created and perform these actions from the Alerts page of a repository.
To create an Alert, click on the Alerts tab for a repository at the top of any page of the Humio User Interface. You’ll then see a screen similar to the one in Figure 1 here. From this screen, click on the + New Alert button. You’ll be asked to enter a name for the Alert, before the screen will change to look similar to the Search page, but with input fields in the right margin for entering Alert properties. You can see how this would look in Figure 3 below.
For more detailed explanation on creating Alerts, though, read the Creating Alerts documentation page.
Over time you’ll find that you will have many Alerts that are similar, but with slight deviations to their underlying queries. To make it easier to create an Alert that is similar to an existing one, you can duplicate it and then modify it. You can also export an Alert to use elsewhere.
To duplicate an Alert, from the list of Alerts, click on the vertical dots (i.e., more_vert) to the right of the Alert. When you click on those dots, you’ll see a menu of choices. You can see this in Figure 2 here. From that menu, click on the Clone choice. You’ll then give the new, cloned Alert a name and be allowed to adjust its properties. You can see how this would look in the screenshot shown in Figure 3 here.
Alerts are repository based. If you want to use the same Alert in another repository, you’ll have to export it as a template. From the same pull-down menu for an Alert (see Figure 2), click on Export as Template. This will generate a
yaml file that your browser will download. You can edit this file with a simple text editor, if you want, before using it later. You might even export all of you Alerts and keep a version history of changes by storing them on GitHub or elsewhere, as a back-up and to install them to your repositories from there.
At this time, there’s no way to load an Alert template into a repository by using the User Interface. Instead, you’ll have to use the Humio CLI to execute it from the command-line. You would enter something like this:
humioctl alerts install repoName alertName --file=./my-alert.yaml
In this example, the name of the export file is
my-alert.yaml. You would change that value to whatever your file is named — and change the file path to wherever the file is located on your computer. See the Humio CLI documentation for information on how to install it and use this new feature of Humio, which is still in beta mode.
If you want to edit an existing Alert, you would click on the name of it from the list of Alerts on the Alerts page. The screen will then look like the Search page, with the query for the Alert in the search box and the Alert’s properties in the right margin. Figure 3 shows a screenshot of how this might look.
Here you can change the properties (e.g., name, throttle period, and Action), as well as the query behind the Alert. For more information on these fields, see the Creating Alerts – Alert Properties documentation.
You can also add an Action to the Alert here. However, you’ll have to create one first. See the Create an Action documentation page for more information on how to do that.
When you’re finished editing the Alert, click on the purple button labeled, Save Changes at the top right.
There may be times when you want to disable an Alert. You might do this, for instance, if you’ve received a notification of an Alert and need time to resolve the problem. You might want to disable the Alert until then, so that it won’t bother you while you’re working on it. You can re-enable it when you’re finished.
To disable an Alert, go to the Alerts tab in the User Interface and select the Alert to disable. When you do, it will be in edit mode and you’ll see a screen like the one in Figure 3 above. If you look closely at that image by clicking on it, you’ll see in the right margin, where the Alert properties are listed, a checkbox with the heading Alert Enabled. Uncheck that box to disable the Alert. When you want to enable it again, go back to the same page to edit the Alert and check the box.
You may find that an Alert is no longer of use and want to delete it. To do this, from the list of Alerts on the Alerts page, click on the vertical dots (i.e., more_vert) to the right of the Alert you want to delete.
From the pull-down menu that appears (see Figure 2), click Remove. A dialog box will appear, asking you to confirm this. Do so and it will be deleted. Be sure you want to do this since you won’t be able to undo or restore a deleted Alert.