Create Triggers

Security Requirements and Controls
  • Create triggers permission

This page explains how to create triggers in LogScale, with step-by-step instructions for creating them from either the Triggers overview page or the Search page. Users with the 'Create triggers' permission can set up automated alerts by constructing queries, choosing the appropriate trigger type (Filter, Aggregate, Scheduled search, or Legacy), and configuring properties in the Details panel. Triggers can also be imported from templates or packages.

Triggers are constructed using queries and associated with one or more actions that will be triggered when the query runs. When you create a trigger, LogScale suggests a trigger type based on the query. The trigger type determines which configuration options are available.

Create a trigger from the Triggers overview

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Go to Automation and select Triggers. The full list of available triggers appears in the Triggers overview page:

    Screenshot of the Triggers overview page displaying a table with columns for trigger names, types, status indicators, last executed timestamps, and filter options in the sidebar for managing automated alerts and scheduled searches

    Figure 132. Triggers Overview


  4. Click + New trigger to display the Search page in Creating new trigger mode.

    Screenshot of the Search page in Creating new trigger mode showing the query editor, time interval selector, and Details panel where you can configure trigger properties such as name, description, and alert type

    Figure 133. Simplified Search page


    Note

    You can also create triggers by importing them from a template or package. Click Import from in the + New trigger menu.

    • Choose Template, then browse for or drag and drop a template based on an existing trigger.

    • Choose Package to invoke templates that are part of a LogScale library package.

  5. Type a query for your trigger and click Run.

  6. Fill in the Details side panel:

    Screenshot of the New trigger panel displaying fields for trigger name, description, labels, query type selection with Live and Scheduled search options, alert type dropdown, and configuration settings for time window and actions

    Figure 134. New trigger details


  7. Click Save. The new trigger is displayed in the Triggers overview; see Figure 138, “Triggers Overview”.

For a description of all trigger properties in the side panel, see Trigger Properties.