This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
Log Analytics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Alert if the log "pattern" changes

gschramm
Helper

‎12 Jan 2026 03:51 PM

I've configured openpipeline to move the logs from various applications to dedicated buckets. I've also create metric that is counting the messages per loglevel, host and logsource.

Now I'm struggling with setting up Anomoly dectection to alert the application teams when the log pattern changes, eg. more warnings/criticals than usual > send alert.

The issue seems to be with the setting the scope, it can only handle one timeseries. In one app I get ~600 metrics (loglevel x hosts x logsource).  Removing the log source still results in 50ish splittings. Even just using the loglevel means 4 and thats too inaccurate for alerting.  The app has a two digit number of servers that are loadbalances, so knowing which servers log behalvior is changing is helping the team to quickly go to the right machine.

 

Any help appreciated.

0 Kudos
Reply
0 REPLIES 0
Ask a question

Featured Posts