Alerts and Saved Searches Best Practices | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Alerts and Saved Searches Best Practices

Make sure to follow the general best practices for the LogScale Query Language described here Writing Better Queries. This will minimize system load and ensure optimal performance of the service. Careless or inefficient queries can cause performance issues.

Alert Labels

Alerts can have labels attached to them which are displayed next to the Alert name in the list of Alerts and are searchable. This can be a useful way to tag the alert with meaningful data and to help when trying to locate Alerts with a certain tag.

For example the corelight/threathuntingguide package uses Labels to show the ATT&CK tactics and techniques that each Alert covers.

Enter search term