The bar at the top of the results view has several features that will help you manage and view alerts.
The filter selection allows you define attributes to show in the result view. For instance, you can make a filter that shows active alerts for process events on a particular host as shown below.
Results fields can me exactly matched or wildcard matched depending on what you want to see.
The column selector allows you to activate or deactivate columns from view depending on what is important to you.
You can export the high-level rows of events into CSV format with the export button. Select the alerts you want to export and a CSV file will be created with the available columns.
If you want the raw JSON data for each alert, you will need to click on the alert specifically to save the data.
Presets are defined result views to get to Alerts, Pass and Error events immediately. You can select these presets without needing to build a manual filter and are a convenience feature. Select the option you want and only those results will be shown.
We Hate False Alarms
We have taken great pains to make Sandfly as false-alarm free as possible. If you are experiencing a true false-alarm situation with Sandfly, please contact us with the details so we can look into what it is. We may be able to correct the situation for you so in the future you won't be bothered with it any more.
Updated 2 months ago