cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Custom alerts for log monitoring

jc__
Visitor

Hi

I would like to create a custom alert on log monitoring whereby an alert is raised when more than 1 log events occurred in a day. I tried to configure the custom event to raise an error when the metric threshold is above 1 in the given day, which is 1440 minutes. However, the maximum value of minutes period is 60. Can anyone advise me on this issue?

jc___0-1669347452192.png

Thank you.

3 REPLIES 3

dannemca
DynaMight Champion
DynaMight Champion

Correct me if I am wrong, but if you get an alert in 1h, it means that you got an alert that day, and you will need to be notified about it.

The only problem with the 1h instead 24h is that you may end up receiving more than one alert per day, which may indicates that the system you are monitoring is not so healthy and the attention is required.

You can also work with metrics transformation, for example, limiting the data points to the last day with :timeshift(-1d) and then combine the data to a single point with :fold.

Example:

your.custom.metric.for.log:timeshift(-1d):fold

Try and let us know.

Site Reliability Engineer @ Kyndryl

Hi dannemca ,

Thank you for responding.

I might not have make myself clear in the question asked.

The requirement:

Raise an alert if the metric is above the static threshold of 1 in 2 one minute slot during a day (24 hrs)

The scenario:

Our client has a server that will restart once everyday, hence, one "initialized" keyword will be observed in the log. If there is more than 1 "initialized" keyword raised in a day, an alert should be raised so that our client can look into the issue.

May I know if there is any way to achieve the above requirement?

Thank you.

Hi @dannemca! Do you know if that alerting requirement that jc_ mentioned above is actually possible to achieve? Thank you for your help in advance!