How do I create an Alert?

Logz.io's alerts can be set on any search done in Kibana.

In order to set up an alert, use the following steps:

1. Perform a search on the Discovery view:

2. Click on the "Create Alert" button to the right of the search bar:

3. You will be presented with the Create New Alert page with three steps.

4.  In the Conditions page define when you would like the alert to trigger.  Fill out the following fields and click "Continue"

• Trigger if:  Is the aggregation method used for the alert.
• Field: This is the field you want to aggregate based on your "Trigger if" selection.  NOTE: Field is not available if you choose "# of events" for the "Trigger if" menu option.
• Group by: This allows you define if you want to group your aggregation by a particular field.  For instance, if you group by the hostname, then if a single host exceeds the threshold then the alert is triggered for that host.
• Condition: The measurement you want to base your trigger on.
• Threshold:  The limit for triggering the alert.
• Over a period:  This is the timeframe that you want to base the alert on.  So if you set a 5 minute period, this tells the system to check if there is a certain number of events over the previous 5 minutes.

5.  On the Definitions page you define how you want the alert to appear.  Fill out the fields and click "Continue"

• Name: The name of the alert.

• Description: A short description of the alert.

• Severity:  The severity level of the alert. 

6.  On the Triggers page you define how you want to be notified regarding this alert.  Complete the form and click on "Create Alert"

• Suppress notifications for: Suppress notifications on alerts to not repeat an existing condition.

• Send email to: A comma-separated list of email addresses that will receive notifications of this alert.

• Notification Endpoints: Use this to send alerts to an external system using webhooks -- for example, Slack and Pagerduty.