Automations

Automations let users automate tasks within LogScale, including queries and notifications, reducing hands-on time and providing consistency.

Triggers

Triggers are the mechanism by which a query result causes one or more actions to run. There are four types of triggers:

  • Scheduled searches

  • Aggregate alerts

  • Filter alerts

  • Legacy alerts

Scheduled Searches

Scheduled searches are static queries that run on a schedule. At each set interval the query runs, and any result triggers one or more actions configured by the user.

Aggregate Alerts

Aggregate alerts are based on aggregate queries evaluated over a search interval, and their runs are scheduled so that no time interval is overlooked or checked twice.

Filter Alerts

Filter alerts are based on non-aggregate queries and are designed to trigger an action when an event matches the filter of a live query.
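The following Python model illustrates the three trigger semantics described above (scheduled search, aggregate alert, filter alert) over a constructed event stream. It is an added example written for this page, not LogScale code or a LogScale API: the field names, thresholds, intervals and events are assumptions made up for the illustration. In LogScale itself the aggregate case would be expressed as an aggregate query and the filter case as a plain filter query.

```python
"""Toy model of trigger semantics (added illustration, not LogScale code).

  - filter alert:     fire once per event that passes a non-aggregate filter
  - aggregate alert:  run an aggregate over contiguous, non-overlapping search
                      intervals so no interval is skipped or evaluated twice
  - scheduled search: run a static query at a fixed time over a lookback window;
                      any result fires the configured actions
Field names, thresholds and events below are constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed values)
    user: str      # assumed field name
    status: int    # assumed field name; 401 models a failed login


# Constructed sample events: "mallory" fails four times within one minute.
EVENTS = [
    Event(100, "alice", 200),
    Event(110, "mallory", 401),
    Event(115, "mallory", 401),
    Event(120, "bob", 200),
    Event(130, "mallory", 401),
    Event(140, "mallory", 401),
    Event(200, "alice", 401),
    Event(260, "carol", 200),
]


def is_failed_login(e):
    return e.status == 401


def filter_alert(events, predicate=is_failed_login):
    """Filter alert: non-aggregate query; one action per matching event."""
    return [e for e in events if predicate(e)]


def search_intervals(start, end, interval):
    """Contiguous half-open windows [a, b) tiling [start, end).
    Adjacent windows share a boundary, but no timestamp lies in two windows,
    and no part of [start, end) is left uncovered."""
    windows = []
    a = start
    while a < end:
        b = min(a + interval, end)
        windows.append((a, b))
        a = b
    return windows


def aggregate_alert(events, interval, threshold,
                    key=lambda e: e.user, predicate=is_failed_login):
    """Aggregate alert: count matching events per key inside each search
    interval and fire when a key reaches the threshold. Every event falls in
    exactly one window, so it is neither overlooked nor counted twice."""
    if not events:
        return []
    start = min(e.ts for e in events)
    end = max(e.ts for e in events) + 1
    fired = []
    for a, b in search_intervals(start, end, interval):
        counts = Counter(key(e) for e in events if a <= e.ts < b and predicate(e))
        for k, n in sorted(counts.items()):
            if n >= threshold:
                fired.append({"window": (a, b), "key": k, "count": n})
    return fired


def counted_once(events, interval, predicate=is_failed_login):
    """Check of the 'not overlooked, not checked twice' property: the sum of
    per-window matches over contiguous windows equals the number of matching
    events in the whole stream. Returns (per_window_total, direct_total)."""
    start = min(e.ts for e in events)
    end = max(e.ts for e in events) + 1
    per_window = sum(
        sum(1 for e in events if a <= e.ts < b and predicate(e))
        for a, b in search_intervals(start, end, interval)
    )
    return per_window, len(filter_alert(events, predicate))


def scheduled_search(events, query, run_at, lookback):
    """Scheduled search: at run_at, evaluate a static query over the preceding
    lookback seconds. A non-empty result means the actions would fire."""
    window = [e for e in events if run_at - lookback <= e.ts < run_at]
    return query(window)


if __name__ == "__main__":
    print("filter alert matches:", len(filter_alert(EVENTS)))
    print("aggregate alert fired:", aggregate_alert(EVENTS, interval=60, threshold=3))
    print("scheduled search result:",
          scheduled_search(EVENTS, filter_alert, run_at=180, lookback=60))
```

The aggregate case is where window handling matters: if two runs overlapped, a burst of failures straddling the boundary could fire twice, and a gap between runs would let a burst go unnoticed. Tiling the timeline with half-open intervals is what gives the "never overlooked, never checked twice" guarantee the page describes.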

Actions

Actions are the user-defined, automated outcomes of triggers, for example notifying users or administrators of an issue.

Action Types

  • Email

  • Falcon LogScale Repository

  • OpsGenie

  • PagerDuty

  • S3

  • Slack

  • Lookup File

  • VictorOps (Splunk On-Call)

  • Webhook