Are there any alert attributes (in the get alerts API) present that can help in fetching both the new and modified alerts (alerts with change in severity, alerts that got cleared etc). within a time interval. Basically we want to know how does LM notify if any alerts have been updated.
Most API endpoints, including the alerts list, have a filter capability where you can filter on the properties of the objects. Some properties you could use would be acked_epoch, start_epoch, and maybe end_epoch. I don't see any property that gives a timestamp of when the alert severity changed. It's too early in the morning and I can't remember if alerts change severity or if it's actually a new record in the alerts list (with its own corresponding epoch timestamps). I'll have to test it.
You'd use these as filters like this:
/alert/alerts?filter=startEpoch>:1617213624&filter=endEpoch<:1617213800
But you'd replace the numbers with the timerange filters you want. The ">:" and "<:" are "greater than or equal to" and "less than or equal to" respectively.
Thank you for the reply Stuart. We could use the endEpoch or the cleared attributes for finding if an alert is cleared. But I couldn't find a similar attribute to check if an alert got updated in terms of its severity, alertValue etc. I had checked a 1) warning alert, whose 2) alertValues were found to be changing for some amount of time and later when 3) the value was under the threshold the alert got cleared. In all the three scenarios the alertID was the same, which indicates it is the existing alert which got updated.
Can you please check on the scenario of alert severity changing, alertValues getting updated and a possible method to get notified about the same.
