Hi Team, I have tested log file monitoring for custom log files and event IDs from the Windows Application log. I found very limited options available with alerting for the same. Please let us know if there is any roadmap to fix this.
1) The email alert does not show the timestamp of the triggered event or the content of the string which triggered the alert.
2) Even the Problem button just shows the text pattern which we configured in the event rule. It should show the complete actual event in the problem.
3) Alerts are getting auto-closed in 10 minutes. Is there any way we can increase the timeline to close the alert automatically?
4) If I want to trigger an alert for event ID 0, how do I do that? If I just mention 0 under pattern monitoring, it picks those up from any event where 0 is available. There should be a parameter or option available where I can define Event id = event id monitoring in the event rule pattern.
1-2 require you to click to drill down to the log viewer. We will consider adding the entire log message or event body as an enhancement.
3. The alert is closed when no pattern-matching log entries are present in the log anymore. The problem stays on the list as "resolved". Would you expect another behavior? Why?
4. This will be possible once we introduce parsing of the Windows log format. Coming soon.
Adding complete details would be a great enhancement. Also, being able to keep the event open until resolved would be good too... a log event should not be treated in the same manner as a metric threshold breach, as there is often only one instance of the event. Example: job failure... there may be no subsequent events, but the issue needs to be resolved before the "problem" is cleared. Would it be possible to correlate events from logs, e.g. job failure and job success, the latter clearing the former, even if it takes a day or more to get the cleardown event?
I will leave the argument about technical definitions to experts with far greater knowledge than I 🙂 But Jira is one option for sure, yes. The essential issue we are looking to, hopefully, address is to be able to treat log entries as events in the same manner as, for example, a CPU alert, but with the exception that we need to take into account that a log event will arrive once and once only, generally, having no repeat signal to indicate the issue is still valid. One action will be to be able to correlate events: Job Fail with subsequent job success, for example. The other case is to have the ability for some manual or automated intervention that can be triggered once the "issue" is resolved. In the sense that the event is correctly seen by Dynatrace and stays "live" until an external action alters the state. Whether this is generated by an external ticketing system triggering the action, or whether this needs someone to physically set a flag on the event, is open for discussion.
Do you have any spec or description around what and how you are planning your correlation?