APM Alert - Add filter to http codes

Hi, we are creating alerts under the APM Errors Interface, but we want to just filter the errors with http code 500 or more. The interface doesn´t have that option. Do you know any workaround to do this?

Thanks for your help.

Hi @Renzo_Joseph_Arenaza Welcome the community!

Yeah seem like the filter should be available there...

The Workaround today would be to use a DSL Query see here

Your query will be something like

GET apm-*/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "http.response.status_code": {
              "gte": 500
            }
          }
        }
      ]
    }
  }
}

Hi Stephen, thank you for your reply. It nice to see that there is an option.

I have one final question. I would like to add this filter just for one service. I know that the field is service.name. I've tried adding this value in the tags label but It hasn't worked. Do you know how to add this?

Regards.
Renzo

tags are just tags that are available for the alert output they do not filter.

Some alerts have a KQL filter (Kibana Query Language) others you build up with Conditions.

This is the Query DSL : You should probably look at this to understand Query DSL a bit

so then to select a particular service you query would like

{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "http.response.status_code": {
              "gte": 500
            }
          }
        },
        {
          "term": {
            "service.name": "my-service-name"
          }
        }
      ]
    }
  }
}
1 Like

Thank you very much @stephenb. We did what you suggested and it worked like a charm =D

1 Like