Three fundamental tips for effective event filtering in SIGNL4

Apr 7, 2021 | General

Event and alert filtering matters because alert fatigue is one of the most crucial issues in alerting and alert management. SIGNL4 implements a lightweight and effective way of filtering events. The overall process is based on alert categories. Alert categories are applied using a keyword search across the entire payload of incoming third-party events. But assigning alert categories, e.g. for alert augmentation, is not filtering.

To enable effective event filtering, check out these three fundamental tips:

 

1. Enabling the whitelist keyword filter

SIGNL4 can filter incoming events (received by email, webhook or REST API). This is handled through a keyword whitelist filter. The keyword whitelist consists of all keywords of all Signl categories.

How does a keyword whitelist work? Once enabled, the whitelist filter will only let 3rd party events pass and be turned into alerts going out to your team when the content of the event contains at least one of the keywords in your whitelist (i.e. if at least one category matches). An event whose payload does not contain any keyword of your list will be ‘blocked’ and not turned into an alert signl.

To enable keyword whitelisting, switch on the corresponding toggle for each team under: https://account.signl4.com/manage/Category

Received events which get filtered out and do not raise an alert notification flow are still visible in the event journal (accessible through https://account.signl4.com/manage/Signls ). They are marked with a “Filtered” status.

 

2. Create a blacklist filter

As described above, there is a native whitelist keyword filter built into SIGNL4. But how about a blacklist filter? A blacklist filter will block any incoming 3rd party event if it contains one of the keywords listed in your blacklist.

With a little hack, you can create a keyword blacklist and apply it as a filter in the following way:

1. Create an alert category named ‘blacklist’ for your team: https://account.signl4.com/manage/Category

2. In the keyword section of this category, add all your blacklisted keywords and combine them with OR, i.e. choose ‘Any’


3. Now, either have all users manually opt out of this category or, if you are on a paid plan with the ‘assignment’ feature, opt out your users via the Assignment tab, so that the ‘no signls’ symbol is shown for all users.


4. Check that no user is subscribed to your ‘blacklist’ category, i.e. no user will receive Signls for any incoming event containing any of your blacklist keywords.


 

3. Applying keyword search to dedicated event parameters

Keywords are used to find a matching alert category which is then used to enrich an alert with colors, icons, push sounds, maps and so on. Alert categories can also be used to route alerts to dedicated staff, to hide alerts or to prevent incoming events from being turned into alerts (keyword whitelist filtering).

By default, SIGNL4 scans the entire event content for matching keywords. It can then apply an ‘AND’ or ‘OR’ logic operator. This approach is a little bit broad.

However, it is possible to work more precisely by telling SIGNL4 to match keywords only for named event parameters. Instead of searching the entire event payload for a keyword ‘ABC’ you can restrict the keyword search to a single event parameter, like the subject of an email event, using the following syntax when defining a category keyword: ‘subject ABC’.

So, you simply use the parameter name, a space and then the keyword you want to search for. This also works for custom parameters of your payload. So, if your webhook call payload contains a parameter named ‘param1’ you would use the keyword definition syntax ‘param1 ABC’ to only search in param1 for keyword ABC.

This facilitates much more precise keyword matching and whitelist filtering. Here is a sample screenshot:

mceclip0.png
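
To see how whole-payload matching and parameter-scoped matching differ under the whitelist filter, here is an added example (a local model for reasoning about keyword choices, not SIGNL4's own code). It assumes case-insensitive substring matching, hypothetical dictionary field names, and ‘All’ as the label of the AND operator; the categories and events are constructed samples.

```python
import json

def keyword_matches(keyword, event):
    """Match one category keyword against an event (dict of parameters).

    Assumption: 'name value' is scoped to parameter `name` only when the
    event actually has that parameter; otherwise the whole keyword is
    searched in the entire payload. Matching is case-insensitive substring.
    """
    name, _, value = keyword.partition(" ")
    if value and name in event:
        return value.lower() in str(event[name]).lower()
    return keyword.lower() in json.dumps(event).lower()

def category_matches(category, event):
    """Combine keywords with 'Any' (OR) or, assumed label, 'All' (AND)."""
    combine = any if category["operator"] == "Any" else all
    return combine(keyword_matches(k, event) for k in category["keywords"])

def filter_event(categories, event, whitelist_enabled=True):
    """Return (status, matched category names) for an incoming event."""
    matched = [c["name"] for c in categories if category_matches(c, event)]
    if whitelist_enabled and not matched:
        return "Filtered", matched  # stays in the journal, raises no alert
    return "Alert", matched

# Constructed sample categories: same keyword, unscoped vs. scoped to 'subject'
BROAD = [{"name": "Database", "operator": "Any", "keywords": ["ABC"]}]
SCOPED = [{"name": "Database", "operator": "Any", "keywords": ["subject ABC"]}]

# Constructed sample events (email-style payloads)
EVENTS = [
    {"subject": "ABC cluster down", "body": "node 3 unreachable"},
    {"subject": "Weekly report", "body": "no incidents; ABC healthy"},
    {"subject": "Disk warning", "body": "volume at 91%"},
]

def run(categories):
    """Whitelist outcome for each sample event, in order."""
    return [filter_event(categories, e)[0] for e in EVENTS]

if __name__ == "__main__":
    print("broad :", run(BROAD))
    print("scoped:", run(SCOPED))
```

The second event is the interesting one: the unscoped keyword turns a routine report into an alert because ‘ABC’ appears in its body, while the scoped keyword lets the whitelist filter it.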

 

These three tips make for an effective filtering algorithm. If you need more capabilities, please feel free to contact us and we are happy to consider your feedback in our feature pipeline planning.