Create triggers

Security Requirements and Controls

  • Create triggers permission

The documentation explains how to create triggers in LogScale, including step-by-step instructions for creating them from either the Triggers overview page or the Search page. Users with the 'Create triggers' permission can set up automated alerts by constructing queries, choosing appropriate trigger types (Filter, Aggregate, Scheduled search, or Legacy), and configuring properties through the Details panel, with the option to import triggers from templates or packages.

Triggers are constructed using queries and associated with one or more actions that will be triggered when the query runs. When creating a trigger, the type of trigger is suggested for you based upon the query. This adjusts which configuration options are available.

Create a trigger from the Triggers overview

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Go to Automation and select Triggers. The full list of available triggers appears in the Triggers overview page:

    Triggers Overview

    Figure 195. Triggers Overview


  4. Click + New trigger to display the Search page in Creating new trigger mode.

    Simplified Search page

    Figure 196. Simplified Search page


    Note

    It is possible to create new triggers by importing them from a template or package. Click Import from in the menu on +New trigger.

    • Choose Template, then browse for or drag and drop a template based on an existing trigger.

    • Choose Package to invoke templates that are part of a LogScale library package.

  5. Type a query for your trigger and click Run.

  6. Fill in the Details side panel:

    New trigger details

    Figure 197. New trigger details


  7. Click Save to display the new trigger in the Triggers overview, see Figure 194, “Triggers Overview”.

For a description of all trigger properties in the side panel, see Trigger properties.