Nagios Support Forum

after setting up an alert if you update the query and click on the icon to view in dashboard it loads the original query,

to reproduce this is the steps that I took


create a query which just says "NagiosIsPrettyMuchPerfectExceptTheBugs"
save it call it "Idotheneedful"
create an alert
select the query that you created
save it

run it
then update the query, change the string to show "NagiosHasNoBugsPERIOD."
go back to alerting
edit the alert
choose advanced (manage query)
choose the "idotheneedful" query from the dropdown
save it

from the actions on the right side click the dasboard button for the alert you just created

wow its reporting alternative facts or fake news

We'll call it an "Alternative Feature". As it stands, when an alert is initially created it's importing the current value of the query you select (in a pass by value fashion, rather than pass by reference). This is by design and prevents people doing silly things like deleting their queries and messing up their alerts. One could also argue the contrary and say that alerts not being updated when I adjust my query is silly; Of course I want my alerts updated when I change the query!

I talked with the devs about this, and it's probably something we'll change with NLS 2.0 to be a bit more clear one way or the other.

I understand that the alert copies the query to the alert,

but after updating the query and loading it into the alert using the manage query function the alert operates fine, however if you click on the "show alert in dashboard" button shows the ORIGINAL query not the query being executed by the alert

Ah, that's a limitation of some Javascript we leverage on the back-end to load Kibana dashboards. It can't accept an actual Elasticsearch query (strictly speaking, though there's caveats), just a reference to one defined in the database. Alert objects hold their own queries like so:

http://pastebin.com/aRhTXvus

I'll include this consideration though when writing notes about the broader problem.