Saved Searches

What are Saved Searches?

Saved Searches in Spyderbat provide a convenient way to store your Search queries in one place, eliminating the need to reconstruct them each time. They also allow you to set up notifications via Email, Slack, PagerDuty, or Webhooks, ensuring you're notified with full context whenever the search criteria are met.

How to Use Saved Searches in Console

The Saved Searches page can be accessed from the "Search" section in the side panel. Saved Searches are incredibly simple to use. Here's a quick example to get you started in 4 steps.

Example Use Case: Monitoring new Cronjobs

1. Run a Query

   • Enter your desired query for Cronjobs, such as metadata.name ~= "*". Saved Searches eliminate the need to repeatedly construct this query.

   • Use the "Search" button to ensure it works as expected.

   • Running the query retrieves historical data based on past records, which may return matching records or no results if none are found.
2. Save the Query

   • Click the Save Search button.
3. Set Up Notifications

   • Once you save a search, a prompt like the one shown in the image will appear.

   • A default Name is generated, you could also provide a custom name for the Saved Search (e.g., "New Cronjobs Monitoring").

   • Add an optional Description to clarify the query’s purpose.

   • Toggle the Notification Status to "Enabled" if desired immediately. You can also turn this off anytime to stop receiving notifications.

   • Click Add Target to configure your preferred notification channels. You can add multiple targets per query.

   • Note that notifications are sent to the targets when new records matching the query are observed in real time.

   • Configure notifications to be sent through various channels, such as: Email, Slack, PagerDuty, Webhook.
4. Save the Configuration

   • Once all settings are configured, click Save.

After creating a saved search, you can view and manage it on the Saved Searches page. There, you can edit the conditions, run the query, enable or disable it, or delete it as needed.

Managing Saved Searches with Spyctl

Overview

Spyderbat's Spyctl offers a command-line interface to create, retrieve, and edit Saved Searches efficiently. This document provides a detailed guide on how to perform these actions.

Retrieving Saved Searches

To retrieve all existing Saved Searches, use the following command:

$ spyctl get saved-queries

This command lists all Saved Searches currently available in your environment.

Creating a Saved Search

The spyctl create saved-query command allows you to define and save a new query. To see all available options, use:

$ spyctl create saved-query --help

Options:
  -o, --output [yaml|json|ndjson|default]
  -a, --apply                     Apply the saved query during creation.
  -n, --name TEXT                 The name of the saved query.
  -q, --query TEXT                The query to be saved.
  -d, --description TEXT          A description of the saved query.
  -s, --schema TEXT               The schema of the saved query.
  -y, --yes                       Automatically answer yes to all prompts.

Usage:
  spyctl create saved-query [OPTIONS]

Example Command Usage:

   $ spyctl create saved-query \
     -n "Monitor Deployment with Replicas more than 5" \
     -q "spec.replicas > 5" \
     -s "Deployment"

Note that $spyctl search --list-schemas command provides a list of all available schemas, helping you identify which Schemas that are accessible for querying.

Editing a Saved Search

To edit an existing Saved Search, use the spyctl edit saved-query command. You need to provide the query ID or name as an argument.

$ spyctl edit saved-query <NAME_OR_ID>

Replace <NAME_OR_ID> with the actual ID or name of the Saved Search you want to edit.

You should get "Successfully edited Saved Query 'query:id'"* after editing the YAML and applying the change.