08 Dec 2023 07:39 PM
Hello:
I have an alerting profile that is based upon sending alerts only with certain Tags.
I recently created my first Cusomt Log Event under Log Monitoring-->Events Extraction.
The Log event works, I have it set as a custom Log event. It populates in the problem window.
However, I want to be able to add a tag to it.
How is this done?
Solved! Go to Solution.
08 Dec 2023 08:31 PM
Hi @runatyr ,
if your log is collected thru OneAgent, it will set the target entity as the host/PG from where the log come, so the tag you have in that entity will be used by your alerting profile.
18 Dec 2023 07:30 PM
Thanks dannemca.
The log is collected through OneAgent.
So then, if that host has no tag, none will come from the alerting profile. Is that correct?
18 Dec 2023 09:53 PM
Hi @runatyr
You could try adding Log Event Properties to your Extracted Log Event.
From the docs:
A property is a key/value pair that is set on every triggered event. You can have one or more placeholders as a value that will be extracted from the log data. For example, a property with Key set to PGI and a Value of placeholder {dt.entity.process_group_instance} will extract the process group instance value from log data once the event is triggered. If the placeholder substitution fails, both the key and the value will not be available.
Thanks,
Lawrence
05 Sep 2024 03:29 PM
I have a similar situation. I have log ingestion by the api. Fields im sending are content, log level, host.id, application. Customer wants a maintenance window for this event extraction that generate a problem card. So how do I setup the entity for this? I do not see an entity filed for Logs or host.id? Any ideas how to include this custom event extraction to not alert during off hours? How would I construct the entity selector to include this in my maintenance window?