Alert rule context queries provide the capability to define queries based Alert metadata. These queries can be used to retrieve additional information related to an alert.

Alert rule context queries can be defined for each alert using the following navigation path

Alert Rules -> Select the Alert rule of interest -> Scroll to the bottom of the page.

Note : Query parameters (including default parameters) must be explicitly added before they can be used as part of a context query.

Following are standard / default parameters available for all alerts. Note :  Default parameters should be explicitly added as well.

• assetId (Text)
• alertTime (Date)
• key (Text)
• value (Text)
• lastOccurredAt (Date)

Other parameters can be defined using the names of fields in the alert metadata. 

If using the "pid" field, note it is of type NUMBER. 

To add a context query to an alert rule :

• Navigate to alert rule details page
• Scroll down to Context query section
• Click "Add" button in the Context query section
• Click "Manage Parameters" button on the top right corner and add standard parameters or alert rule specific metadata parameters (e.g. assetId)
• Formulate a query based on parameters defined above. e.g. SELECT last_activity_at FROM upt_assets WHERE id = :assetId  
• Values can be provided for these parameters for testing purposes only. Any values provided are not saved.
• Click "Save" button and provide a query name.

Tips :

   A upt_day filter on large event tables is always recommended for performance: 

          upt_day = CAST(date_format(:alertTime, '%Y%m%d') AS INTEGER)

   An additional filter can be used to limit returned rows to within several minutes of the alert:

        upt_time BETWEEN (:alertTime - interval '2' minute) AND (:alertTime + interval '2' minute)

Context query related data is displayed on the Alert Detail screen in the tab labeled "Alert Context"

Context queries are saved queries. They can be viewed / edited on the investigate page.