This guide describes the steps to create and manage synthetic triggers.
Monq triggers allow you to process any events received by the monitoring system. It is possible to create a trigger from a template or write it from scratch using scripts written in the Lua language.
Triggers are processed in Monq as follows:
If you are looking for a description of the service methods and variables used in CT rules, go to Solutions.
To add a new Trigger, go to the Triggers section on the main menu and click «Add trigger». Fill in the general information in the dialog window: enter a name, select an owner workgroup, select a rule template, fill in the description, and click «Create trigger».
After you finish creating the trigger, you can edit the info you entered on the General tab of the trigger page.
When you create a new trigger, you can select one of the available templates for the trigger rule, which describes how the raw data is processed. When you pick a template, the rule's code and the filter's expression automatically fill in.
However, instead of specific values, the prefilter expression uses variables. To configure the variables, click the «Set execution variables» button and enter the values in the text fields. Once created, the trigger prefilter will immediately apply the defined values.
To control the amount of data that needs to be processed by the trigger, configure the Prefilter.
The prefilter is a type of rule that selects which raw data is passed to the trigger's main rule for processing. It is a boolean expression that supports basic logical operators and basic Lua functions.
|Operator|Description|Examples of usage|
|---|---|---|
| |Not equal| |
| |Greater or equal| |
| |Less or equal| |
| |In list| |
| |Regular expression| |
It is allowed to group parts of an expression using
Comparison operators are case sensitive.
Objects of type string must be enclosed in single quotes.
Escaping occurs via the
To configure the prefilter, enter its expression in the «Execution condition» text field of the «Rule configuration» tab. After making any changes to the expression, click «Apply» to save the result.
To configure the trigger's reaction to raw data reception, add the trigger's Rule.
A trigger's Rule is a Lua script that uses a set of service variables and methods to change the trigger's own state and enrich the raw data with additional fields.
The rule is run for every event received by the Monq system that passes the prefilter.
Only the utility methods and classes of synthetic trigger rules are supported in the implementation; for more details, see Solutions.
To configure a trigger's rule, go to the «Rule configuration» tab, where a code editor is located below the prefilter field. The editor is blocked by default. To access it, click the «Script Version» list and select «New Version», or click the corresponding button in the lower left corner of the screen.
Paste your Lua script into the editor window or write it yourself. Next, you can check the code for syntax errors: click «Code check», and the validation log containing errors or a success message will open under the «Code check» tab at the bottom of the editor. If the code is correct, press «Make Executable», and your script version will be used as the new trigger rule.
If you want to return to an older version of the rule, click the «Script version» button again and select an older version from the list.
After creating a valid prefilter and rules, you can debug the trigger with a simulation of the system receiving a raw data event.
To do this, go to «Condition debugger» on the left of the editor. Select a message template from the list of available ones and click «Fill template». In the editor window that opens, specify the data to be checked by the prefilter. To use a customized template, select «Custom template» and fill it with a new model and the required data.
To use a customized template, copy the data model from the detailed view of the Raw Data screen.
Click the «Debug» button. The result will appear in «Debug terminal» at the bottom of the editor.
The «History» tab lets you review the history of all events related to the trigger.
To view the trigger log, use the filter. You can filter the event list by the following attributes:
When you find the event you need, click «Details» to view the detailed information about the event trigger.
If the events storage depth is configured in the "Data storage" block of the data stream, it is possible that the "event was deleted" information is displayed.
Additionally, on the «Management» tab, you can: