8.4. Manage Flow/Log Alerts

8.4.1. Create Flow/Log Alert

You can create a new alert for flow and logs. Before you start, keep the following in mind:

  • You create an alert for a source type. All the flow and logs of that source type automatically fall under that alert.

  • Create only one alert per source type with the same rule.

  • If you want a different alert for specific flow/logs with the same rule (other than the one you are creating for the source type), exclude them from the alert.

  • If you want to create an alert for specific flow/logs with the same rule (that you excluded while creating the alert for the source type), include them in the alert.

To create an alert in this section, click the + New button on the top panel of the screen.

To create a flow/log alert, click the Alerts tab > Flow/Log Alert > New Flow/Log icon.

Click on New Button to Create a New Alert

A slider will open for you to provide details for the alert.

Create Flow/Log Alert

Flow/Log Alert Name: Provide the name of the flow/log alert.

Alert Status: Select a status for the flow/log alert.

  1. Enabled: When selected, the alert will be active.

  2. Disabled: When selected, the alert will be disabled.

Alert Type: Select the type of the alert: Scheduled or Real Time.

  • Scheduled: Sends the alert at the scheduled time. Selecting this radio button displays the controls to configure the scheduler.

  • Real Time: Whenever an alert is generated, the system notifies you in real time.

Alert Window: As flow/logs continuously arrive at Motadata, the system examines the logs in the given alert window. If the logs in this window trigger the threshold, the system generates an alert. For example, you set an alert window of 1 hour and create the alert at 12:00 PM. Motadata runs this rule at 1:00 PM (the 1-hour window starts when you create the alert) and looks only at the logs received between 12:00 PM and 1:00 PM. If those logs meet the alert threshold, Motadata generates the alert. Similarly, the rule next runs at 2:00 PM, and Motadata analyzes only the logs received between 1:00 PM and 2:00 PM.

Alert Window - Flow/Log Alert Time Frame
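
The window behaviour described above, modelled in Python as an added example (not Motadata code): it evaluates a count rule over back-to-back windows anchored at the alert's creation time and shows that a burst straddling a window boundary is split across two runs. The `>=` comparison, the half-open window boundaries, and all timestamps are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

def evaluate_windows(created_at, window, log_times, threshold, until):
    """Run a count rule once per completed window, starting at alert creation.

    Returns one (window_start, window_end, count, fired) tuple per run.
    Assumption: a window covers [start, end) and the rule fires on count >= threshold.
    """
    results = []
    start = created_at
    while start + window <= until:
        end = start + window
        # Each run only sees the logs received inside its own window.
        count = sum(1 for ts in log_times if start <= ts < end)
        results.append((start, end, count, count >= threshold))
        start = end  # the next window begins where this one ended
    return results

def _t(hour, minute):
    return datetime(2024, 1, 1, hour, minute)

# Constructed sample data: alert created at 12:00 with a 1-hour window.
CREATED = _t(12, 0)
WINDOW = timedelta(hours=1)
THRESHOLD = 5
LOG_TIMES = [
    # Six matching logs within 15 minutes, split by the 13:00 boundary.
    _t(12, 50), _t(12, 55), _t(12, 59),
    _t(13, 1), _t(13, 3), _t(13, 5),
    # Five matching logs that all land inside the 14:00-15:00 window.
    _t(14, 10), _t(14, 15), _t(14, 20), _t(14, 25), _t(14, 30),
]

def demo():
    return evaluate_windows(CREATED, WINDOW, LOG_TIMES, THRESHOLD, _t(15, 0))

if __name__ == "__main__":
    for start, end, count, fired in demo():
        state = "ALERT" if fired else "no alert"
        print(f"{start:%H:%M}-{end:%H:%M} count={count} {state}")
```

The six logs around 13:00 never trigger the rule because each run counts only three of them, so choose the window length and threshold with boundary-straddling activity in mind.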

Filter: Filters return only the requested data out of all the data.

Filters in Flow/Log Alert

Source Type: This includes the types of the flow/logs that are captured by Motadata.

Filter: You may further filter the information based on:

  • Tag

  • Monitor

  • RPE

  • Department

Include: The tags, monitors, RPEs, and departments associated with the source type automatically show up in the drop-down menu. Click the checkbox corresponding to the entity you want to include. Use this if you want to create a specific alert for a metric of any flow or log.

Exclude: The tags, monitors, RPEs, and departments associated with the source type automatically show up in the drop-down menu. Click the checkbox corresponding to the entity you want to exclude. Use this if you want to create a different alert for a metric of any flow or log.

Scheduler (available only when the alert type is Scheduled)

Scheduler Type: Select the type of the scheduler from the given list. The values of ‘Job Time Schedulers’ and ‘Run Job On’ vary based on the type you select.

Job Time Schedulers/Cron Expression: Select the value of the scheduler from the given list. The options in the list change based on your selection of scheduler type. The cron expression field appears when you select ‘Cron Scheduler’ as the scheduler type.

Run Job On/Date/Scheduler Date: Select the day of the week or the date. Again, the options in the list change based on your selection of scheduler type.

| Scheduler Type | Job Time Scheduler | Run Job On/Date |
|---|---|---|
| Hourly | Value of every 5 minutes from 0 to 55 | NA |
| Daily | Value of every 5 minutes from 0 to 23:55 | NA |
| Weekly | Value of every 5 minutes from 0 to 23:55 | Select a day of the week |
| Monthly | Value of every 5 minutes from 0 to 23:55 | Select a date from 0 to 31 |
| One Time Scheduler | Value of every 5 minutes from 0 to 23:55 | Pick a date from the calendar |
| Cron Scheduler | Type the cron expression | NA |

For cron expressions, Motadata uses Quartz Scheduler to execute jobs at a particular time. Quartz supports “Seconds” in expressions. To see how you can enter a cron expression in Motadata, click here.

Rule

Rule Group for Flow/Log Alert

Source Host: Based on the source type you select (in the Filters section), the host is the list of information that Motadata fetches from the source. Select a value for which you want to generate the alert.

Value/Count: Select the suitable option for the alert condition. When you select ‘Value’, the system evaluates the flow/log values that match the provided input. When you select ‘Count’, the system evaluates the counts against the provided input.

Equal: Select the operator for the value. Equal is selected as the default operator.

Value: Type the value for evaluation. The filter uses this input to compare with the system values.

You can add more than one rule. Click on the button to add another rule, and select the conjunction of the two rules.

Creating Multiple Rules for Alert

Action

Configure Actions for the Alert

The group defines the type of action and when the alert is triggered.

Severity: Select a severity for the alert. Every severity has a color code. The color helps you visualize the severity on the flow/log tab of the alert stream and on the index page of flow/log alerts.

Action: Actions are the output generated by Motadata against an alert. You can use an existing action or create a new one. (To read more, refer to the Actions section.)

Suppress Action: Turn on the suppress action if you want to suppress the alert for a specific period of time. When you turn on ‘Suppress Action’, two options become visible to configure the suppress time and time unit.

Suppress Alert Configuration

Alert

Create Alert Title and Message

Define the alert title and alert message parameters. This email is sent to the concerned person when an alert is fired.

Title: Enter the subject of the email.

Message: Enter the body of the email.

List of placeholders:
* $NEWLINE$: Starts a new line in the message (line break).
* $alert-id$: Shows the unique alert ID value.
* $alert-name$: Shows the name of the alert.
* $alert-severity-description$: Shows the severity of the alert.
* $alert-triggered-time$: Shows when the alert was triggered.

Note

Leave the alert fields blank to use Motadata’s default email template.

8.4.2. Edit Alert

Click on the edit button from the index page of flow/log alerts. The system opens a screen (similar to the create alert screen) with all fields populated.

Edit Flow/Log Alert

8.4.3. Delete Alert

Click on the delete button from the index page of flow/log alerts. The system shows a warning asking you to confirm the deletion of the alert.

Delete Alert

Delete Alert Confirmation Dialog Box