Alert definitions are a streamlined and centralized mechanism to alert on collected metric data. After alert thresholds are configured, alerts are generated.

To create an alert definition:

  1. Go to Infrastructure > Logs.
  2. On the left side of this page, click the Menu icon.
  3. From the MY LOGS VIEWS page, under QUICK LINKS, select Logs Configuration.
    The configuration page is displayed.
  4. From the configurations page, select the ALERTING tab.
    The alert details page is displayed.
  5. Click Add.
  6. Enter the following details:
    Field: Description
    Name: Name of the alert.
    LOGQL: Filter the logs to which you want to apply the alert definition.
    GROUP BY: This option lets you identify resources based on specific properties. The following GROUP BY values are recommended for mapping log alerts to resources:
      • AWS Lambda: extResourceId,resourceType
      • AWS API Gateway: extResourceId,resourceType
      • AWS RDS: accountNumber,resourceType,name
      • Agent logs: resourceUUID
    Alert on no data: Select if you want an alert when no data is passed in the log.
    Alert Severity: Severity of the alert.
      • Critical
      • Warning
    Operator: Select the operator from the drop-down.
      • >
      • >=
      • <
      • <=
      • =
      • DECR
      • INCR
    Count: Specify the count. For example, if you specify the count as 10 and the operator as >, an alert will be sent if more than 10 logs have been created.
    Duration: Specify the duration. For example, if you specify the duration as 60 seconds, the count as 10, and the operator as >, an alert will be sent if more than 10 logs have been created within 60 seconds.
    Alert on Heal: This option is applicable to heal critical and warning alerts. You can heal the alerts based on the following conditions:
      • On no Logs: When no matching logs are found as per the query filter defined.
      • On Message: When the filter criteria match the value specified in the Operator and Value fields, the critical and warning alerts are healed.
    Subject: Enter the subject.
    Description: Enter the description for the alert definition.
  7. Click ADD DEFINITION.
    The alert definition is created.

Alternatively, you can edit an existing alert definition from the alerting page.
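
How the Count, Duration, Operator and GROUP BY fields described above interact, as an added example that is not the product's own code. It assumes a sliding window ending at each matching log, a Python predicate standing in for the LOGQL filter, and constructed records with hypothetical `ts` and `level` fields; `resourceUUID` is the GROUP BY property the page recommends for agent logs.

```python
import operator
from collections import defaultdict, deque

# Comparison operators from the Operator drop-down. DECR and INCR are left out
# because the page does not define how they are evaluated.
OPERATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
             "<=": operator.le, "=": operator.eq}


def evaluate(logs, matches, group_by, op, count, duration_s):
    """Return {group_key: first timestamp at which the threshold was met}.

    Assumption: the count is taken over a sliding window of `duration_s`
    seconds ending at each matching log; real windowing may differ.
    """
    compare = OPERATORS[op]
    windows = defaultdict(deque)   # group key -> timestamps inside the window
    fired = {}
    for rec in sorted(logs, key=lambda r: r["ts"]):
        if not matches(rec):       # stands in for the LOGQL filter
            continue
        key = tuple(rec.get(f) for f in group_by)
        win = windows[key]
        win.append(rec["ts"])
        while win and win[0] <= rec["ts"] - duration_s:
            win.popleft()          # drop entries older than the duration
        if key not in fired and compare(len(win), count):
            fired[key] = rec["ts"]
    return fired


# Constructed sample logs (not real data): agent-a bursts, agent-b is steady.
SAMPLE = (
    [{"ts": t, "resourceUUID": "agent-a", "level": "error"} for t in range(0, 60, 5)]
    + [{"ts": t, "resourceUUID": "agent-b", "level": "error"} for t in range(0, 120, 10)]
    + [{"ts": t, "resourceUUID": "agent-b", "level": "info"} for t in range(0, 30)]
)


def is_error(rec):
    return rec["level"] == "error"


def demo():
    # Same threshold (> 10 logs in 60 s), with and without GROUP BY.
    grouped = evaluate(SAMPLE, is_error, ("resourceUUID",), ">", 10, 60)
    ungrouped = evaluate(SAMPLE, is_error, (), ">", 10, 60)
    return grouped, ungrouped
```

With GROUP BY set to `resourceUUID`, only the bursting agent crosses the threshold and the alert maps to that resource; without it, the combined stream crosses the threshold earlier and the alert cannot be attributed to either agent.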

Delete an Alert Definition

  1. Go to Infrastructure > Logs.
  2. On the left side of this page, click the Menu icon.
  3. From the MY LOGS VIEWS page, under QUICK LINKS, select Logs Configuration.
    The configuration page is displayed.
  4. From the configurations page, select the ALERTING tab.
    The alert details page is displayed.
  5. Select an alert definition.
  6. Click Remove.
    The selected alert definition is deleted.