Settings

Tokens Available in LogicModule Alert Messages

When defining customized alert messages or integrating alert data with external systems (e.g. ticketing or chat systems), tokens are available to customize the message or integration delivery to the current condition. These tokens are substituted at the time of generation so that the alert or integration delivery can include dynamic information.

Next are lists of our currently supported tokens, primarily organized by LogicModule, and their substitutions:

Note: Any tokens that reference dates and/or times are based on the time zone configured for the global LogicMonitor account (Settings | Account Information | Portal Settings). They are not based on the time zone, if any, configured in the alert recipient's user account.

DataSources

  • ##ALERTID##: the LMDXXXX, LMSXXXX, etc. LogicMonitor alert ID
  • ##ALERTSTATUS##: Reports whether the alert is active, clear, ack, update, or test.
  • ##DATAPOINT##: the datapoint in alert. e.g. "PercentUsed"
  • ##DataSource##: the name of the DataSource + instance that is in alert. e.g. "WinVolumeUsage-C:\"
  • ##DATE##: the date this particular alert was sent. e.g "2014-05-02 14:21:40 PDT"
  • ##DSDESCRIPTION##: the description of the DataSource in alert, if available. Else returns null. E.g. "Monitors space usage on logical volumes."
  • ##DSIDESCRIPTION##: the description of the instance in alert, as defined by the Active Discovery method or as manually set in Manage Instances and Alerts, if available. Else returns null.
  • ##DPDESCRIPTION##: the description of the datapoint in alert, from the DataSource definition, if available. Else returns null. E.g. "Percentage Used on the volume"
  • ##GROUP##: the comma-separated string list of groups this device is a member of.
  • ##HOST## or ##HOSTNAME##: the display name of the device that is in alert.
  • ##HOSTDESCRIPTION##:   the text description of the device, if available. Else returns null.
  • ##DEVICEURL##:   the URL link associated with the device, if available. Else returns null.
  • ##INSTANCE##:  the name of the DataSource instance (e.g. "C:\").
  • ##INSTANCEGROUP##: the name of the group to which the alerting DataSource instance belongs.
  • ##LEVEL##: the error level (warn, error or critical) that currently applies to the alert.
  • ##START##: the time this alert condition started. E.g. "2014-05-02 14:21:40 PDT"
  • ##STARTEPOCH##: the time (in Unix epoch time) when this alert started. Useful for creating unique alert identifiers. E.g "1399065700000"
  • ##DURATION##: the length of time that the alert has been in existence for, at the time of alert notification creation. E.g. "1h 18m"
  • ##THRESHOLD##: the alert threshold that was applied to the alert.
  • ##VALUE##: the value of the datapoint at the time this alert was generated.
  • ##Device Property##: Substituted with the value of any device property (either a custom or a system property), by surrounding the proper name  in double hash marks.
  • ##AGENTID##: The ID of the collector that the device associated with the alert is assigned to
  • ##BACKUPAGENTID##: The ID of the failover collector configured, if one is configured, for the primary collector associated with the device
  • ##AGENT_DESCRIPTION##: The name (description) of the collector that the device associated with the alert is assigned to
  • ##BACKUPAGENT_DESCRIPTION##: The name of the failover collector configured, if one is configured, for the primary collector associated with the device
  • ##EXTERNALTICKETID##: A list of integration ticket Ids and the associated integration name for each, if any ticket Ids exist for the alert
  • ##END##: For alert clear messages, this token displays the cleared date and time

Websites

  • ##LEVEL##: The severity of the alert
  • ##WEBSITE##: The name of the website in alert
  • ##VALUE##: For an overall alert this will reference the number of checks that failed. For an alert at an individual location this will reference why the step failed (doesn't match HTTP response, doesn't include correct content, etc.)
  • ##CHECKPOINT##: The checkpoint associated with the alert (this value will be 'Overall' if the alert was triggered based on the checks at multiple locations)
  • ##START##: The time the check(s) first failed
  • ##DETAIL##: The details associated with the alert. For an alert notification at an individual location this will include the URL for the step that failed and the HTTP response for that step. For an overall alert this will include the number of checks that failed.
  • ##WEBSITEDESCRIPTION##: The description associated with the website
  • ##WEBSITEGROUP##: The group the website is in
  • ##URL##: The URL of website check that failed
  • ##EXTERNALTICKETID##: A list of integration ticket IDs and the associated integration name for each, if any ticket IDs exist for the alert
  • ##END##: For alert clear messages, this token displays the cleared date and time
  • ##WEBSITEREQUEST##: The full request sent at the time the alert was generated. This will function when alerting is configured for individual checkpoints, not for an overall status.
  • ##WEBSITERESPONSE##: The full response received at the time the alert was generated. This will function when alerting is configured for individual checkpoints, not for an overall status.

JobMonitors

  • ##HOST## or ##HOSTNAME##: The device that is in alert
  • ##HOSTDESCRIPTION##: The text description of the device
  • ##DEVICEURL##: The URL link associated with the device, if available. Else returns null.
  • ##DATASOURCE##: The JobMonitor name
  • ##BJDESCRIPTION## or ##DSDESCRIPTION##: The JobMonitor description
  • ##DATE##: The date of the job execution
  • ##INSTANCEGROUP## The name of the group to which the alerting instance belongs
  • ##CMDLINE##: The job command line
  • ##STDOUT##: The standard out returned from the job
  • ##STDERR##: Standard error returned by the job
  • ##USERDATA##: Other user data reported by the batch job
  • ##EXITCODE##: Exit code of the job
  • ##LEVEL##: The current alert level
  • ##START##: Time the alert started
  • ##FINISH##: Time the job finished
  • ##GROUP## Groups this host is a member of.
  • ##STARTEPOCH##: The time (in unix epoch time) when this alert started. Useful for creating unique alert identifiers.
  • ##AGENTID##: The ID of the collector that the device associated with the alert is assigned to
  • ##BACKUPAGENTID##: The ID of the failover collector configured, if one is configured, for the primary collector associated with the device
  • ##AGENT_DESCRIPTION##: The name (description) of the collector that the device associated with the alert is assigned to
  • ##BACKUPAGENT_DESCRIPTION##: The name of the failover collector configured, if one is configured, for the primary collector associated with the device
  • ##EXTERNALTICKETID##: A list of integration ticket Ids and the associated integration name for each, if any ticket Ids exist for the alert
  • ##END##: For alert clear messages, this token displays the cleared date and time

Cluster Alerts

  • ##EXTERNALTICKETID##: A list of integration ticket Ids and the associated integration name for each, if any ticket Ids exist for the alert
  • ##DATASOURCE##: the name of the DataSource + instance that is in alert
  • ##DATAPOINT##: the name of the Datapoint that is in alert
  • ##DATE##: the date the alert was triggered
  • ##VALUE##: the value of the datapoint at the time this alert was generated.
  • ##LEVEL##: the alert severity level
  • ##START##: The time this alert condition started
  • ##END##: For alert clear messages, this token displays the cleared date and time
  • ##DURATION##: For how long this alert has been in existence
  • ##GROUP##: Shows groups this host is a member of.
  • ##ALERTID##: LogicMonitor alert ID, formatted as LMDXXXX, LMSXXXX, etc.

EventSources

  • ##DATE##: Date the alert message was generated. This will be the time this particular alert was sent.
  • ##DURATION##: How long this alert has been in existence so far.
  • ##HOST## or ##HOSTNAME##: Substituted with the device that is in alert.
  • ##HOSTDESCRIPTION##:  The text description of the device.
  • ##DEVICEURL##:   the URL link associated with the device, if available. Else returns null.
  • ##EVENTSOURCE## or ##DataSource##: The eventsource that triggered the alert.
  • ##LEVEL##: The defined level of the event (warn, error, critical.)
  • ##START##: The time this alert condition started.
  • ##VALUE##: The entire event message (the complete windows event log event, or complete IPMI event log, or SNMP trap contents)
  • ##LIMITEDMESSAGE##: The first 10 words of the event message.
  • ##GROUP##: Shows groups this host is a member of.
  • ##STARTEPOCH##: The time (in unix epoch time) when this alert started. Useful for creating unique alert identifiers.
  • ##AGENTID##: The ID of the collector that the device associated with the alert is assigned to
  • ##BACKUPAGENTID##: The ID of the failover collector configured, if one is configured, for the primary collector associated with the device
  • ##AGENT_DESCRIPTION##: The name (description) of the collector that the device associated with the alert is assigned to
  • ##BACKUPAGENT_DESCRIPTION##: The name of the failover collector configured, if one is configured, for the primary collector associated with the device
  • ##EXTERNALTICKETID##: A list of integration ticket Ids and the associated integration name for each, if any ticket Ids exist for the alert
  • ##END##: For alert clear messages, this token displays the cleared date and time

Windows Event Log Tokens

For Windows Event Log events, the following specific tokens are available:

  • ##EVENTCODE##: Windows event ID.
  • ##TYPE##: The event level (error, information, etc) as reported by Windows.
  • ##MESSAGE##: The event log message
  • ##USER##: The user associated with the event, if any, as reported by Windows.
  • ##LOGFILE##: The Windows event log file (System, Application, Security, etc)
  • ##SOURCENAME##: The Windows source subsystem (e.g. Microsoft-Windows-DistributedCOM)

IPMI Event Tokens

For IPMI Events, the additional available tokens are:

  • ##MESSAGE##: The IPMI Event log message (e.g. "BMC  Power Supply 0x65 AC Lost")
  • ##DATE##: The time of the event (As reported by the IPMI event log) in human format.
  • ##TIMESTAMP##: The time of the event in the system event log in epoch format.

SNMP Trap Tokens

For SNMP Trap events, the additional tokens are:

  • ##TRAPOID##: Trap identification for v2c traps.
  • ##ENTERPRISEOID##: The ID of the collector that sent the trap (v1 traps only)
  • ##SYSUPTIME##: The uptime of the snmp collector sending the trap
  • ##GENERALCODE##: The snmp general code in trap. (v1 traps only)
  • ##SPECIFICCODE##: The specific code in the trap (v1 traps only)

Syslog Event Tokens

For Syslog events, the additional tokens are:

  • ##FACILITY##: The syslog facility of the event
  • ##MESSAGE##: The body of the syslog message

Integrations

When integrating alert data with external systems such as ticketing or chat systems, you can use the various LogicModule-specific alert message tokens listed in this support article, as well as the tokens listed next. The following tokens are available for pre-built integrations, custom HTTP delivery integrations, and custom email alert delivery integrations.

  • ##ADMIN##. The user the alert was escalated to.
  • ##MESSAGE##. The rendered text of the alert message. This token will also pass all relevant acked information (e.g. the user that acknowledged the alert, ack comments, etc.).
  • ##ALERTTYPE##. The type of alert (i.e. alert, eventAlert, batchJobAlert, hostClusterAlert, websiteAlert, agentDownAlert, agentFailoverAlert, agentFailBackAlert, alertThrottledAlert).
  • ##EXTERNALTICKETID##. The ticket identifier, as created and returned by the external system.