Alert including a host excluded in the query

I have an alert that selects all hosts with the name ‘prod*’ to report statistics of ongoing work. If any prod machine falls under 100 per minute, I get an alert. I also have develop machines reporting the same statistics to the same index. Their hostnames are of the style ‘develop*’, depending on what is being tested. They add data here and there when something is tested, so the data is very sporadic and never over 100.

The Lucene query specifically lists all hostnames included, in the style ‘AND hostname:("prod1" OR "prod2" OR "prod3" OR "prod4" OR "prod5" OR "prod6")’, and then groups by said hostname. Every time a develop machine adds any data to this index it pops up in alerts, creating an alert because obviously the number of processes is under 100.

I have tried excluding by hostname and by the built-in gl2_remote_ip too, but neither changed the end result. Otherwise everything is working.

Using Grafana 10.3.1, OpenSearch plugin 2.15.4 (updated today) and Elasticsearch.

I figured out a workaround: I added a transformation “filter by name” and took out the develop machine that way. I am expecting I need to do this for every develop machine when they pop up in the index… a bit tedious, but at least it gives me alerts only when alerts are about the prod machines.