Saved Searches
What are Saved Searches?
Saved Searches in Spyderbat provide a convenient way to store your Search queries in one place, eliminating the need to reconstruct them each time. They also allow you to set up notifications via Email, Slack, PagerDuty, or Webhooks, ensuring you're notified with full context whenever the search criteria are met.
How to Use Saved Searches in Console
The Saved Searches page can be accessed from the "Search" section in the side panel. Saved Searches are incredibly simple to use. Here's a quick example to get you started in 4 steps.
Example Use Case: Monitoring new Cronjobs
Run a Query
Enter your desired query for Cronjobs, such as
metadata.name ~= "*"
. Saved Searches eliminate the need to repeatedly construct this query.Use the "Search" button to ensure it works as expected.
Running the query retrieves historical data based on past records, which may return matching records or no results if none are found.
Save the Query
Click the Save Search button.
Set Up Notifications
Once you save a search, a prompt like the one shown in the image will appear.
A default
Name
is generated, you could also provide a custom name for the Saved Search (e.g., "New Cronjobs Monitoring").Add an optional
Description
to clarify the query’s purpose.Toggle the Notification Status to "Enabled" if desired immediately. You can also turn this off anytime to stop receiving notifications.
Click Add Target to configure your preferred notification channels. You can add multiple targets per query.
Note that notifications are sent to the targets when new records matching the query are observed in real time.
Configure notifications to be sent through various channels, such as: Email, Slack, PagerDuty, Webhook.
Save the Configuration
Once all settings are configured, click Save.
After creating a saved search, you can view and manage it on the Saved Searches page. There, you can edit the conditions, run the query, enable or disable it, or delete it as needed.
Managing Saved Searches with Spyctl
Overview
Spyderbat's Spyctl offers a command-line interface to create, retrieve, and edit Saved Searches efficiently. This document provides a detailed guide on how to perform these actions.
Retrieving Saved Searches
To retrieve all existing Saved Searches, use the following command:
$ spyctl get saved-queries
This command lists all Saved Searches currently available in your environment.
Creating a Saved Search
The spyctl create saved-query
command allows you to define and save a new query. To see all available options, use:
$ spyctl create saved-query --help
Options:
-o, --output [yaml|json|ndjson|default]
-a, --apply Apply the saved query during creation.
-n, --name TEXT The name of the saved query.
-q, --query TEXT The query to be saved.
-d, --description TEXT A description of the saved query.
-s, --schema TEXT The schema of the saved query.
-y, --yes Automatically answer yes to all prompts.
Usage:
spyctl create saved-query [OPTIONS]
Example Command Usage:
$ spyctl create saved-query \
-n "Monitor Deployment with Replicas more than 5" \
-q "spec.replicas > 5" \
-s "Deployment"
Note that $spyctl search --list-schemas
command provides a list of all available schemas, helping you identify which Schemas that are accessible for querying.
Editing a Saved Search
To edit an existing Saved Search, use the spyctl edit saved-query
command. You need to provide the query ID or name as an argument.
$ spyctl edit saved-query <NAME_OR_ID>
Replace <NAME_OR_ID>
with the actual ID or name of the Saved Search you want to edit.
You should get "Successfully edited Saved Query 'query:id'"* after editing the YAML and applying the change.
Last updated
Was this helpful?