Create a logs alert

Log monitors generate alerts when a specific pattern or condition is detected within log data, that is, when something unusual or potentially problematic happens within the system, based on information recorded in logs.

To create a log alert, complete these tasks:

Start defining a log alert

  1. In the Alerts interface, click Create New Alert.

  2. In the initial interface for creating alerts, Kloudfuse guides you to select the appropriate alert type.

    Choose Log.

  3. The Create Log Alert interface appears.

Step 1 Pick log metric

  1. Click the initial text field (a) to Search logs.

  2. The log search interface appears.

    Examples on how to search:

    Equals (=): Matches exact values for facets.
    Not Equals To (!=): Excludes entries where the facet has a specific value.
    Greater than (>): Checks if the first facet’s value is greater than the second facet’s value; for numerical facets.
    Less than (<): Checks if the first facet’s value is less than the second facet’s value; for numerical facets.
    Greater than or equal to (>=): Checks if a numerical facet’s value is greater than or equal to a specified value.
    Less than or equal to (<=): Checks if a numerical facet’s value is less than or equal to a specified value.
    NOT (!): Negates a search term.
    FacetTermsExist (==): Searches for terms within a facet.
    FacetTermsDoNotExist (!==): Negates FacetTermsExist.
    Contains (**): Finds logs where a facet value contains the specified text.
    Regex (=~): Regular expression equals
    Not Regex (!~): Regular expression not equals
    StartsWith (*~): Search for a log line that starts with …
    EndsWith (~*): Search for a log line that ends with …

  1. You can also pick the labels from the drop-down, and assign values to them.

  2. As you select search terms, Kloudfuse adds them to the log query.


  3. To remove a search term that you previously selected, click the Delete icon on that tile.

  4. To remove all search terms that you previously selected, click the Delete icon on the right side of the drop-down.

  5. After you pick a log metric, Kloudfuse displays it in the chart.

Work with queries

  1. Make optional changes to filter and configure your log metric search:

    1. In the Show count of drop-down, select all logs, all fingerprints, or one of the many prepared labels.

    2. In the by drop-down, choose Everything, or one of the many prepared labels.

    3. In the limit to drop-down, select either bottom or top, and specify the number of records to show: 2, 5, 10, 15, 25, 30, 50, or 100.

    4. In the roll up every drop-down, select time-based grouping: 15 seconds (default), 20 seconds, 30 seconds, 1 minute, or 2 minutes.

  2. To remove a query, click the Delete icon that corresponds to this query.

Work with formulas

Add formula

You can combine metrics over facets or labels into formulas, to get additional insights.

  1. To add a formula, click Add Formula.

  2. The empty formula option appears in the interface as line 1, under the query lines.

  3. Type the formula in the text box next to label 1.

  4. To remove a formula, click the Delete icon that corresponds to this formula.

Step 2 Set condition

  1. Define the condition that triggers the alert:

    1. From the first drop-down, select the condition function: Mean, Min, Max, Sum, Count, or Last (default).

    2. From the second drop-down, select the evaluated query (Query (a), Query (b), and so on) or formula (Formula (1), Formula (2), and so on).

    3. From the third drop-down, select the comparison operator: above (default), below, equal to, not equal to, above or equal to, or below or equal to.

    4. [Optional] In the text box, specify the unit of measurement.

    5. In the fourth (last) drop-down, specify the time interval: 5 minutes, 10 minutes, 15 minutes, 30 minutes, 1 hour, 2 hours, 4 hours, or 1 day.

  2. Expand the Configure no data and error handling option.

    No data

    What to do when data is missing.

    In the first drop-down, select one of the options: Alerting, No data, or OK (default).

    Error handling

    What to do when there is an execution error, or a timeout.

    In the second drop-down, select one of the options: Alerting, OK, or Error (default).
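
The condition settings above, run against a sample series as an added example (not Kloudfuse code). The option names come from the drop-downs; the evaluation logic, the `evaluate` helper, and the sample counts are assumptions made for illustration. It shows that the condition function decides whether a short burst inside the interval is caught, and that the No data setting decides whether a log source that goes silent is noticed.

```python
import operator
from statistics import mean

# Names follow the Step 2 drop-downs; the evaluation logic is an assumed model.
REDUCERS = {"Mean": mean, "Min": min, "Max": max, "Sum": sum,
            "Count": len, "Last": lambda values: values[-1]}
COMPARATORS = {"above": operator.gt, "below": operator.lt,
               "equal to": operator.eq, "not equal to": operator.ne,
               "above or equal to": operator.ge,
               "below or equal to": operator.le}


def evaluate(points, reducer, comparator, threshold, window_s, now,
             no_data="OK", on_error="Error"):
    """Return the rule state for one evaluation of a log-count series.

    points: list of (epoch_seconds, value) roll-up buckets, or None to
    model a query that failed or timed out (hypothetical convention).
    """
    if points is None:
        return on_error  # Error handling: Alerting, OK, or Error
    window = [v for t, v in sorted(points) if now - window_s < t <= now]
    if not window:
        return no_data  # No data: Alerting, No data, or OK
    reduced = REDUCERS[reducer](window)
    return "Alerting" if COMPARATORS[comparator](reduced, threshold) else "OK"


# Constructed sample: failed-login log counts per 1-minute bucket.
NOW = 1_700_000_600
FAILED_LOGINS = [(NOW - 240, 3), (NOW - 180, 4), (NOW - 120, 41),
                 (NOW - 60, 2), (NOW, 1)]

if __name__ == "__main__":
    for name in REDUCERS:
        state = evaluate(FAILED_LOGINS, name, "above", 20, 300, NOW)
        print(f"{name:5} above 20 over 5 minutes -> {state}")
    # A log source that stops sending yields an empty window.
    print("silent source, No data=OK       ->",
          evaluate([], "Last", "above", 20, 300, NOW))
    print("silent source, No data=Alerting ->",
          evaluate([], "Last", "above", 20, 300, NOW, no_data="Alerting"))
```

In this model the default Last function reports OK for the sample because the burst of 41 is not the final bucket, while Max and Sum report Alerting.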

Step 3 Add details

  1. In the Folder name drop-down, select one of the folders.

    Alternatively, click the Create new folder icon.

    Then, in the Create Folder dialog, specify Folder name, and click Create new folder.

  2. In Rule name, specify the name of your rule.

  3. [Optional] In Title, enter the title of your rule.

  4. [Optional] In Runbook URL, enter the location of the runbook that specifies how to handle the alert.

  5. [Optional] Under Description, specify the purpose of the rule, what conditions it should catch, and so on.

  6. [Optional] Under Custom labels, click Add (plus), and specify the custom label name, and its value.

    To add more custom labels, click Add (plus), and specify more custom labels.

    To remove a custom label, click Trash next to it.

  7. [Optional] Under Custom annotations, click Add (plus), and specify the custom annotation name, and its value.

    To add more custom annotations, click Add (plus), and specify more custom annotations.

    To remove a custom annotation, click Trash next to it.

    Use annotations to show different alerts and their visualizations.

Step 4 Add contacts

Choose contact points

  1. Choose one or more of the existing contacts from the drop-down, so they can receive the alert.

  2. To remove a contact you previously selected from the alert notification, click the Delete icon on their tile.

  3. To remove all contacts that you previously selected, click the Delete icon on the right side of the drop-down.

Create new contact points

  1. Click Create New Contact Points.

  2. Kloudfuse opens the Create Contact points interface.

    Specify, configure, test, and save new contact points. See Alerts contact points for details.

Create rule

  1. To finalize, click Create Rule.

  2. Depending on your choice of calculation when you Set condition (query a, query b, formula 1, formula 2, and so on), Kloudfuse generates a Confirm Query Selection dialog.

  3. In the Confirm Query Selection dialog, click Confirm and Create.

  4. You get a confirmation message.