Automation & Alerts
Automating searches and responses; creating alerts and notifications for events
LogScale allows you to automate query execution and get notified when certain events occur. The following features make this possible.
You can create alerts that execute queries and trigger actions. Alerts are live queries: queries that run continuously and raise the alert whenever the query returns results. Using alerts enables automatic notification when a query matches the configured search. This can be used, for example, to notify of excessive network connections, or when a specific error is identified in an ingested log file; in every case the trigger is based on the query that the alert executes. Alerts trigger one or more Actions. For more information on alerts, including how to create, manage, and monitor alert execution, see Alerts.
Scheduled Searches are queries run on a regular interval. When the scheduled search returns results, one or more Actions are triggered. Unlike Alerts, scheduled searches run only according to the configured schedule, which can be set to an interval from 1 minute to years. See Scheduled Searches for more information.
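As an added illustration (not a query from the original page), the following LogScale query expresses the "excessive network connections" case above: it can be attached to an alert, where it runs as a live query, or to a scheduled search, where it runs at the configured interval; either way, the action fires only when the query returns at least one result. The `#type=firewall`, `action` and `src_ip` fields and the threshold of 1000 are assumptions about the ingested data, not names taken from the page.

```logscale
// Assumed: firewall logs are tagged #type=firewall and carry
// an "action" field and a "src_ip" field (constructed field names).
#type=firewall action=allow
// One row per source address, with the number of allowed connections
// counted into a field named "connections".
| groupBy([src_ip], function=count(as=connections))
// Keep only sources over the assumed threshold; an empty result set
// means nothing is triggered, a non-empty one triggers the Actions.
| connections > 1000
```

Because alerts and scheduled searches both trigger on a non-empty result, the filter in the last line is what decides whether an Action runs; without it, every source address would be reported on every run.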
When an alert or scheduled search is triggered, it initiates an action, which could be sending someone a message about a problem on the servers, logging the event to another system, or performing some other action. See Actions for more information.