April 2019 Update: Event Filtering

Apr 12, 2019 | General, Updates

This update introduces an effective mechanism for event filtering to SIGNL4. You can now use the keywords of your ‘services & systems’ categories as a whitelist. If you enable this keyword whitelist, SIGNL4 performs a keyword search across all parameters and content of a received event (e.g. received by email or webhook). It will then only let events pass where the content contains at least one keyword of any category.

Basic principle

Imagine you have defined a category named ‘Windows Servers’ containing the server names of your network, such as S1, S2 and S3. Now your monitoring sends critical events to SIGNL4. Only if the event data (e.g. the email subject and body, or the JSON payload of a webhook call) contains ‘S1’, ‘S2’ or ‘S3’ will SIGNL4 process the event and turn it into a critical alert (SIGNL) for anybody who is in charge and on call/on duty.

Please note that the keyword whitelist works according to an ‘OR’ principle. Only one keyword needs to match for SIGNL4 to process the incoming event.
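To check which monitoring events a whitelist would drop before switching it on, the OR principle can be modelled offline. This is an added example, not SIGNL4 code: the function names, the ‘Databases’ category and the sample events are constructed, and case-insensitive substring matching over both field names and values is an assumption, since the article does not say how keywords are compared.

```python
# Constructed categories mirroring the article's example; 'Databases' is hypothetical.
CATEGORIES = {
    "Windows Servers": ["S1", "S2", "S3"],
    "Databases": ["SQL01"],
}

def flatten(value):
    """Yield every field name and scalar value of a nested payload as text."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield str(key)
            yield from flatten(item)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from flatten(item)
    elif value is not None:
        yield str(value)

def matching_keywords(event, categories=CATEGORIES):
    """Return sorted (category, keyword) pairs found anywhere in the event.

    Assumption: case-insensitive substring match. The article does not
    say how SIGNL4 compares keywords, so verify against your own team.
    """
    haystack = "\n".join(flatten(event)).lower()
    return sorted(
        (category, keyword)
        for category, keywords in categories.items()
        for keyword in keywords
        if keyword.lower() in haystack
    )

def passes_filter(event, categories=CATEGORIES):
    """OR principle: a single matching keyword lets the event through."""
    return bool(matching_keywords(event, categories))

# Constructed sample events (email-style and webhook-style payloads).
SAMPLE_EVENTS = [
    {"subject": "CRITICAL: disk full", "body": "Host S2 is at 99% on C:"},
    {"alert": {"host": "web-frontend-7", "severity": "critical"}},
    {"alert": {"host": "S10", "msg": "CPU high"}},  # 'S1' is a substring of 'S10'
    {"source": "backup", "targets": ["sql01.corp.example"]},
]

def dropped_events(events, categories=CATEGORIES):
    """Events that would be filtered out and never become an alert."""
    return [e for e in events if not passes_filter(e, categories)]
```

Under the substring assumption, the critical event from ‘web-frontend-7’ is dropped because no category lists that host, while ‘S10’ passes only because it contains ‘S1’; both cases are worth testing against real monitoring output before relying on the filter.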

How to enable event filtering

To activate event filtering based on your categories’ keyword whitelist, go to the SIGNL4 account management portal of your team. Go to ‘My Team’ and switch on ‘Filter events/SIGNLs’.

Once you enable event filtering, the portal page will display all keywords from all of the categories you have created. Move the mouse pointer over a keyword to see which category it belongs to.

Changing keywords

As of today, you can change, add or remove keywords in the mobile app only. Simply go to ‘Settings’ on the mobile app dashboard, then ‘Services & Systems’, open the category and scroll down to change the keywords.

Filtered events

Any event that is filtered out will not be turned into an alert/SIGNL4, so it won’t be visible in the mobile app. However, it will be logged in the ‘alerting&response’ audit trail of SIGNL4 (downloadable CSV file).