Alerts On Logs
Alerts can be configured from log data from the Search Page. if we want to get alerted on a line of log that is of interest, the user can directly create an alertable event from the log line.
On clicking the
on the log line, user can open the log2Metric event rule editor. Refer to Metrics And Custom Indices section on how to configure log2Metrics. Alert Configuration is available on the third section of log2Metrics modal.

Creating an alertable event

Fields

  • Name: A name for the alert, should be alphanumeric.
  • Destination: This is a user-specified selection where the alerts will be delivered. Only user-defined alert destinations will be available for selection. User can configure alert destinations in the Alert Destinations Section
  • Operation: One of the comparators: > >= < <= == != =~ !~
  • Occurrences: number of times the event must occur, must be a valid number.
  • Period: time over which the event occurred, e.g, 5m, 10m, 1h, 1d, 1w. Period should be greater than 5m (300s) and should be greater than or equal to Refresh schedule.
  • Rearm: how frequently you will receive notifications when your query meets the Alert criteria and does not change, must be a valid number (seconds) minimum 300 seconds.
  • Refresh Schedule: how frequently the query needed to be refreshed in seconds, must be a valid number.
  • Until: select when to stop the alerts. If not selected, the alert will never expire.
All the alert rules created can be accessed on the Active Rules page.

Viewing Alerts

All the configured alerts are viewable when navigating to the alerts tab. An Individual alerts' configuration can be edited on this page
Clicking on the configured alert will open up the respective alert page where it can be modified further for e.g. change the alert rearm duration, add additional alert destinations etc.
LOGIQ includes alerts from it's Prometheus alert manager instance that is included with the LOGIQ install. NOTE that the editing of the Prometheus alert rules cannot be done via the UI and must use alert manager CRD's to change those alert rules.
Export as PDF
Copy link
Edit on GitHub