Search syntax for incidents
Fields
You can use field:value combination with most of incident fields.
Condition | Description |
|---|---|
createdAt : 1470394841148 | Unix timestamp in milliseconds format. (1470394841148 -> Fri, 05 Aug 2016 11:00:41.148 GMT) |
id : b9a2fb13-1b76-4b41-be28-eed2c61978fa | Id of the incident. |
tinyId : 28 | Short id assigned to the incident. Be careful, using this field is not recommended because it rolls. |
message : Api is down | string |
description : Monitoring tool is reporting that | string |
status : open | open | resolved | closed |
priority : P1 | P1 | P2 | P3 | P4 | P5 |
teams : team1 | Name of the owner team |
services : service1 | Name of the service |
tag : urgent | string |
actions : restart | string |
details.key : impact | string |
details.value : external | string |
postmortemRequired : true | true | false |
postmortemStatus : draft | draft | in-review | published | no-postmortem |
postmortemPublishDueDate : 1470394841148 | Unix timestamp in milliseconds format. (1470394841148 -> Fri, 05 Aug 2016 11:00:41.148 GMT) |
Condition Operators
In addition of : exact match operator; you can also use <, <=, > and >= operators.
Examples |
|---|
createdAt < 1470394841148 |
Logical Operators
You can combine multiple value(s) by using AND and OR operators. Just don't forget to wrap them with ( ) parentheses.
Example | Description |
|---|---|
message: (lorem OR ipsum) | message field contains "lorem" or "ipsum" |
description: (lorem AND ipsum) | description field contains both "lorem" and "ipsum" |
Also you can combine multiple condition(s) by using AND and OR operators.
Examples |
|---|
message: lorem AND createdAt < 1470394841148 |
message: (lorem OR ipsum) AND createdAt < 1470394841148 |
status: open AND (createdAt < 1470394841148 OR entity:lipsum) |
Use the NOT search query to disqualify search results for a certain value.
Examples | Description |
|---|---|
message: NOT lorem | message field does not contain lorem |
status: NOT open | status of incident results are not open, i.e, closed or resolved |
Asterisk (*) Wildcard Usage
Asterisk (*) character can be used as a substitute for any of a class of characters in a search. It is often used in place of one or more characters when you do not know what the real character is or you do not want to type the entire name. If you are looking for an incident that you know "message" field starts with "lorem" but you cannot remember the rest of the field, type the following:
Examples |
|---|
message: lorem* |
lorem* |
Was this helpful?