Cyberithub

10 Opsgenie Most Frequently Used Alert Search Queries


In this article, we will see the 10 most frequently used Opsgenie alert search queries. Opsgenie often generates a large number of alerts in a very short time; some of them are genuine alerts, while others are just false positives. The real problem comes when you need to filter all those alerts by priority, team, status, message, closed by and other such criteria. In this situation, using a search query can save a lot of time and effort. Here we will see the 10 most frequently used alert search queries, each based on certain conditions.

 


Example 1: How to Search all P1 priority alerts with a particular tag

Suppose you have an application called FSCM which is identified in Opsgenie by the tag az-fscm-prod. To find all the P1 priority alerts for this application, use the query below.

tag: az-fscm-prod AND priority: P1

 

Example 2: How to Search all P1 priority alerts of different tags 

Suppose you have three different applications called FSCM, HCM and Portal which are identified by the tags az-fscm-prod, az-hcm-prod and az-portal-prod respectively. To find all the P1 priority alerts for them, use the query below.

tag: (az-fscm-prod OR az-hcm-prod OR az-portal-prod) AND priority: P1

 

Example 3: How to Search all P1 or P2 priority alerts of different tags  

Suppose you have three different applications called FSCM, HCM and Portal which are identified by the tags az-fscm-prod, az-hcm-prod and az-portal-prod respectively. To find all the P1 or P2 alerts generated for these applications, use the query below.

tag: (az-fscm-prod OR az-hcm-prod OR az-portal-prod) AND priority: (P1 OR P2)

 

Example 4: How to Search all P3 priority open alerts for a Particular Team 

If you are looking for all the open P3 priority alerts generated for a specific team, DEV in our case, use the query below.

status: open AND teams: "DEV" AND priority: P3

 

Example 5: How to Search all P3 priority open alerts by some description 

If you are looking for all the alerts with a certain description and a certain priority such as P3, use the query below to get the matching alerts in the selected time range. It shows all the P3 priority open alerts with the description threshold_change.

status: open AND description: threshold_change AND priority: P3

 

Example 6: How to Search all P3 priority open alerts by some keyword in message  

If you are looking for all the alerts with a specific keyword in the message and a certain priority such as P3, use the query below to get the matching alerts in the selected time range. It shows all the P3 priority open alerts containing the keyword down in the message section.

status: open AND message: down AND priority: P3

 

Example 7: How to Search all Unacknowledged Open Alerts 

If you are looking for all the unacknowledged open alerts within a specific time frame, select the time window and then use the query below.

status: open AND acknowledged: false

Similarly, you can search for all unacknowledged closed alerts using the query below.

status: closed AND acknowledged: false

 

Example 8: How to Search all Acknowledged Open Alerts

If you are looking for all the acknowledged open alerts within a specific time frame, use the query below.

status: open AND acknowledged: true

Similarly, you can also search for all acknowledged closed alerts using the query below.

status: closed AND acknowledged: true

 

Example 9: How to Search all the Alerts closed by a specific team member

If you are looking for all the alerts closed by a specific team member, specify that member in the query as shown below. This query shows all the alerts closed by the team member with the email ID john.k@cyberithub.com.

status: closed AND closedBy: john.k@cyberithub.com

 

Example 10: How to Search all the open alerts Acknowledged by a specific team member

If you are looking for all the open alerts acknowledged by a specific team member within the selected time range, specify that member in the query as shown below. This query shows all the open alerts acknowledged by the team member with the email ID john.k@cyberithub.com.

status: open AND acknowledgedBy: john.k@cyberithub.com

Similarly, you can also search for all the closed alerts acknowledged by a specific team member. The query below shows all the closed alerts acknowledged by the team member with the email ID john.k@cyberithub.com.

status: closed AND acknowledgedBy: john.k@cyberithub.com
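
All ten queries above share one shape: field: value clauses joined with AND, with alternatives grouped as (a OR b). The Python code below is an added example, not part of the original article; it builds such queries from parameters and produces the request URL for the Opsgenie Alert API list endpoint. The API URL, the GenieKey header and the helper names (clause, build_query, list_alerts_url) are assumptions not found in the article, and values containing quotes or parentheses are rejected so that values taken from user input cannot change the structure of the query.

```python
from urllib.parse import urlencode

# Assumption: US-region List Alerts endpoint; the article does not mention the API.
API_URL = "https://api.opsgenie.com/v2/alerts"
FORBIDDEN = set('"()')  # characters that could alter the query structure


def _term(value):
    """Render one value: booleans as true/false, phrases with spaces in quotes."""
    if isinstance(value, bool):
        return "true" if value else "false"
    text = str(value).strip()
    if not text or FORBIDDEN & set(text):
        raise ValueError(f"unsafe or empty search value: {value!r}")
    # Assumption: a value with whitespace is passed as a quoted phrase.
    return f'"{text}"' if any(ch.isspace() for ch in text) else text


def clause(field, values):
    """Return 'field: value', or 'field: (a OR b)' for several values."""
    if isinstance(values, (str, bool)):
        values = [values]
    terms = [_term(v) for v in values]
    if not terms:
        raise ValueError(f"no values given for field {field!r}")
    body = terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"
    return f"{field}: {body}"


def build_query(**fields):
    """AND together one clause per keyword argument, in the order given."""
    return " AND ".join(clause(name, vals) for name, vals in fields.items())


def list_alerts_url(query, limit=100):
    """URL for a List Alerts request (send with 'Authorization: GenieKey <key>')."""
    return API_URL + "?" + urlencode({"query": query, "limit": limit})


if __name__ == "__main__":
    # Example 3 from the article, then the URL for Example 7.
    q = build_query(tag=["az-fscm-prod", "az-hcm-prod", "az-portal-prod"],
                    priority=["P1", "P2"])
    print(q)
    print(list_alerts_url(build_query(status="open", acknowledged=False)))
```
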
