Creating a New Alert

Alerts are built from queries: the query finds the events you want to be alerted about, and when it returns results you are notified or some other action is taken.

  1. Go to the Repository and Views page.

  2. Select a Repository or View.

  3. Click the Alerts tab on the top bar of the User Interface.

  4. Click + New Alert.

    Figure 164. Creating Alert from Tab

  5. In the New alert dialog that pops up, enter a name for the alert and choose how to create the alert:

    • Empty alert to create a new empty alert from scratch

    • From template to browse for or drag and drop a template based on an existing alert

    • From package to invoke alert templates that are part of a LogScale package

  6. Provide the information required in the New alert page:

    • General — you may change the name and enter a description that says more specifically what causes the alert to be triggered, or you can disable the alert; see Disabling an Alert.

    • Query — Type the query that generates the alert, and specify a time window for the query.

    • Actions — you may want to add an action for LogScale to take when the alert is triggered, if you have one that's suitable for this alert. See more information at Actions. Or, you can skip it and add the action later.

    • Throttling — choose the throttling period for this alert. Learn more on throttling at Setting Alert Throttle Periods.

    Figure 165. Setting Alert Properties

  7. When you're done setting the properties for the new alert, click Save Alert.

You can also convert a query you've just typed into a new alert:

  1. Go to the Search tab on the top bar of the User Interface.

  2. Type the query you need for your alert.

    In the example query shown in Figure 166, “Creating Alert from Query”, we're searching for events in which the web server recorded a log level equal to ERROR.

    Notice that the time period for the query is set to a live, continuous data range — not static data. You don't need a query to alert you to something that already happened when you created the alert. You generally need to be alerted about events that happen afterwards.

  3. Click Save near the top right and choose the Alert option.

  4. Provide the information required in the Save as alert page, which is similar to the one for alerts created from the Alerts tab; see Figure 165, “Setting Alert Properties”.

  5. When you've finished setting the properties for the new alert, click Save Alert.

    Figure 166. Creating Alert from Query