We have setup some Rules and Alerts that should trigger if we get error in our logs. In the mail that is sent when a rule is triggered it feels natural to include a link to Discover view with some filters setup and with the time interval that shows the error(s) that triggered the Rule+Alert.
We wonder if we're doing something fundamentally wrong because when adding some filters, the url to Discover view get so long that it sometimes exceed some limit that Outlook can handle.
Is it possible somehow to create a link to a Discover with some predefined filters that get a static, much shorter url that can be reused. The only thing we really want to vary is the time interval where we want to show only the interval where the errors appeared in our logs.
But can you generate a permalink through API or something since I need to create the link including the time interval containing the entries that triggered the rule. Not sure how that would be done. Haven't found anything about that in the documentation.
Yeah, that might not be currently possible. I'd imagine you could replace the time value and have the saved search just look back a set amount, but not sure. That might get you where you need to go.
Ok, using 7.x here, but it should probably work find in 8.x as well. From Discover you should be able to Share the snap shot, from there you'll see a "time" section in the URL. You'll want to set the "to" section to an absolute time and have "from" be relative. For example this would search from today at 17:00 to back 4 days.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.