Edit HTTP alert



I’ve assigned the “HTTP Error” alert to some web servers, and am getting this repeatedly:
extrahop.device.uri_http_server_detail stats:

int4dws/4DSOAP/: 1

extrahop.device.http_server_detail stats:

Turns out, this app we’re monitoring is coded to return a SOAP fault if it has no data to give the application. How can we ignore this? Below is the alert. We’re on 4.1 still, if that matters.


If this application is truly returning a 4XX / 5XX response code for ‘no data’, It is possible to filter metrics to exclude certain conditions via a trigger and then Alert on the custom metric.

Here is a quick example that would filter out uri that contain SOAP. It would hopefully get you started:

if( HTTP.uri.indexOf('SOAP') > -1 ) {

var statusCode = HTTP.statusCode;
if(statusCode) {
    Flow.server.device.metricAddCount('noSOAP_Responses', 1);
    if(statusCode >= 400 && statusCode <= 599) {
        Flow.server.device.metricAddDetailCount('noSOAP_Responses_Errors',statusCode.toString(), 1);


So I know I can use the above example (thank you for that) to create a trigger. However, when I attach said trigger (watching HTTP.response to the device throwing the 500’s, even after it throwing the error multiple times, nothing shows in the runtime log. What am I doing wrong?


The runtime log only shows messages committed by the log and debug functions. Do you see the metrics showing up when you try to create a chart on your dashboard?