Log alerts are alert conditions based on log events and log pipelines. These alert conditions use regular expression patterns to match ingested logs and trigger LogicMonitor alerts to send you notifications when these log events or anomalies occur.
With log alerts, you can speed up your investigation by adding alert conditions to track the logs you always want to know about or creating alerts on a detected anomaly.
On the Logs page, click the Pipeline Alerts icon to open the Alert Conditions page where you can review and manage your alert conditions. You can also manage pipeline alerts directly from the Pipelines page.
You can create alert conditions directly from any log event or anomaly listed in the Logs page or from the Pipelines and Pipeline Alerts pages.
1. (Required) Select a Pipeline to apply the alert condition.
Note: You will not be able to create a log alert if you don’t have at least one log pipeline. This is a known issue and will be fixed in an upcoming release.
2. (Required) Supply a Regular expression. This regex pattern will be used to match the logs that will trigger the alert.
Note: The regular expression is expected to follow standard Perl and Python syntax. For more information see the RE2 syntax described here.
3. Paste a log message sample to test the regex from Step 2.
4. Choose the alert severity level to Generate when the conditions are met (Critical, Error, Warning) and enter a display name. By default, the display name autofills with the regular expression from Step 2.
5. For Clear after, enter a time in minutes that the alert will persist.
6. Check Acknowledge if you want the alert to be acknowledged before it clears.
7. Toggle Active/Enabled to activate the alert condition.
8. Click Add to save the alert condition.
When you return to the Alert Conditions page, you can review the alert you created in the table.
When log alert conditions are matched, they trigger standard LogicMonitor alert notifications based on the alert settings (Critical, Warning, Error) and route through the configured escalation chain.
You can also:
Each pipeline can have no more than 15 alerts per minute. If the rate of alerts exceeds this limit, the excess alerts are discarded and not processed.
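An added example, not LogicMonitor's own code: a local pre-check of the regular expression from Step 2 against constructed sample logs, which also counts matches per minute against the 15-alerts-per-minute pipeline limit. It assumes an RE2-compatible engine (as the syntax note's pointer to RE2 suggests), one alert per matching log event, and a leading ISO-8601 timestamp on each line; all function names are hypothetical.

```python
import re
from collections import Counter

PIPELINE_ALERT_LIMIT = 15  # alerts per minute per pipeline, as stated on the page

# Heuristic: constructs Python's re accepts but RE2 rejects
# (lookahead/lookbehind and backreferences).
RE2_UNSUPPORTED = re.compile(r"\(\?<?[=!]|\\[1-9]|\(\?P=")

def re2_incompatibilities(pattern):
    """Return the RE2-unsupported constructs found in pattern (empty list if none)."""
    return RE2_UNSUPPORTED.findall(pattern)

def matches_per_minute(pattern, lines):
    """Count matching lines per minute. Assumes '<ISO-8601 timestamp> <message>'."""
    rx = re.compile(pattern)
    counts = Counter()
    for line in lines:
        stamp, _, message = line.partition(" ")
        if rx.search(message):
            counts[stamp[:16]] += 1  # truncate to YYYY-MM-DDTHH:MM
    return counts

def minutes_over_limit(counts, limit=PIPELINE_ALERT_LIMIT):
    """Map each minute that exceeds the limit to its number of excess matches.
    Assumption: one alert per matching log event, so the excess would be discarded."""
    return {minute: n - limit for minute, n in counts.items() if n > limit}

# Constructed sample: 18 failed SSH logins in one minute, 2 in the next, 1 non-match.
SAMPLE = [
    f"2024-05-01T10:00:{s:02d} sshd[811]: Failed password for root "
    f"from 203.0.113.7 port 4{s:02d}22 ssh2"
    for s in range(18)
] + [
    "2024-05-01T10:01:05 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 51000 ssh2",
    "2024-05-01T10:01:40 sshd[811]: Failed password for invalid user test from 203.0.113.9 port 51002 ssh2",
    "2024-05-01T10:01:50 sshd[811]: Accepted publickey for deploy from 198.51.100.4 port 50022 ssh2",
]

# Constructed alert pattern: failed SSH password attempts with a source IPv4 address.
PATTERN = r"Failed password for (invalid user )?\S+ from \d{1,3}(\.\d{1,3}){3}"

if __name__ == "__main__":
    print("RE2-incompatible constructs:", re2_incompatibilities(PATTERN))
    counts = matches_per_minute(PATTERN, SAMPLE)
    for minute, excess in minutes_over_limit(counts).items():
        print(f"{minute}: {counts[minute]} matches, {excess} over the pipeline limit")
```

A minute that shows up as over the limit is a cue to tighten the pattern or split the condition across pipelines before relying on it for detection.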