LogScale alerts can be set to trigger various actions, such as informing an administrator of a potential problem with your servers. Put another way, an action is a module that can be invoked from a trigger. A trigger runs a query in LogScale, and if the query result contains any events, these are sent to the action. Triggers can be either Alerts or Scheduled Searches.

There are several tools and incident management platforms that may be used to get notified of a potential problem or to bring a situation to someone's attention.

LogScale currently supports the following tools and action types:

  • Email

    This is a built-in Email action.

  • OpsGenie

    You can integrate OpsGenie with LogScale so that triggered alerts can send emails or SMS messages, or other notifications.

  • PagerDuty

    With this alternative service, notifications can be sent automatically by phone call, SMS, push notifications and emails. Which type of action is taken can be determined by the alert triggered and other factors such as the severity of the alert, the day of the week or the time of day.

  • Postmark

    This is an email delivery service that may be integrated with LogScale to send messages to specific members of your staff, depending on which alert is triggered and when it happens — in relation to the on-call schedule of your people.

  • Slack

    Slack is a popular internal chat system for many organizations. LogScale can be set to send messages to your company's Slack account, to the chat room of your choice.

  • Upload File

    This action uploads the trigger events as a CSV file in LogScale.

  • VictorOps (Splunk On-Call)

    Another system for notifications with on-call scheduling, VictorOps may be accessed by an alert when triggered.

  • Webhooks

    This action can perform an HTTP(S) request to any URL and can therefore be used to integrate third-party services.

  • Falcon LogScale Repository

Configuring an Action

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Click the Alerts tab on the top bar of the User Interface.

  4. Select Actions from the menu on the left.

  5. Click + New Action.

  6. In the New action dialog that appears, enter a name for the action and choose how to create it:

    • Empty action to create a new empty action from scratch, then click Continue

    • From template to browse for or drag and drop a template based on an existing action, then click Continue

    • From package to invoke action templates that are part of a LogScale package, then click Create action

  7. Select the desired Action Type from the drop-down list and fill in the required fields, which vary according to the different action types that are supported.

  8. When you're finished setting the properties for the new action, click Create Action.

LogScale uses message templates and variables to create the messages sent by actions. They currently apply to some of the available action types — see Message Templates and Variables for more information.

Custom Actions

If the built-in actions are not enough and you need to make something custom, LogScale supports action types that allow you to call an external service with HTTP. You can add headers and customize the body of the message as described in Webhooks.
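
A service that receives requests from a webhook-based custom action should authenticate each request before acting on it. The following is an added example, not LogScale code: the header name `X-Action-Token` and the JSON fields `trigger` and `events` are assumptions standing in for whatever header and body you configure on the action.

```python
import hmac
import json

MAX_BODY = 1_000_000  # reject oversized bodies before parsing
TOKEN_HEADER = "x-action-token"  # hypothetical custom header set on the webhook action


class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status  # HTTP status the receiver should return


def accept_action_request(headers, body, expected_token):
    """Validate one webhook delivery; return (trigger_name, events)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    supplied = hdrs.get(TOKEN_HEADER, "")
    # Constant-time comparison so the token cannot be recovered by timing.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        raise Rejected(401, "bad or missing token")
    if not hdrs.get("content-type", "").startswith("application/json"):
        raise Rejected(415, "unexpected content type")
    if len(body) > MAX_BODY:
        raise Rejected(413, "body too large")
    try:
        doc = json.loads(body)
    except ValueError:
        raise Rejected(400, "body is not JSON")
    # "trigger" and "events" are hypothetical fields of the customised body.
    if (not isinstance(doc, dict) or not isinstance(doc.get("trigger"), str)
            or not isinstance(doc.get("events"), list)):
        raise Rejected(400, "missing or mistyped field")
    return doc["trigger"], doc["events"]


def status_for(headers, body, expected_token):
    """Map a delivery to the status code a handler would send back."""
    try:
        accept_action_request(headers, body, expected_token)
        return 200
    except Rejected as exc:
        return exc.status


if __name__ == "__main__":
    # Constructed sample delivery, not captured from a real LogScale instance.
    sample = json.dumps({"trigger": "failed-logins", "events": [{"user": "a"}]}).encode()
    good = {"X-Action-Token": "s3cret-constructed", "Content-Type": "application/json"}
    print(status_for(good, sample, "s3cret-constructed"))  # 200
    print(status_for({"Content-Type": "application/json"}, sample, "s3cret-constructed"))  # 401
```

Serve this only over HTTPS, since the token travels in a request header, and keep the expected token in a secret store rather than in the receiver's source.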