Manage Flow/Log Alerts
Create Flow/Log Alert
You can create a new alert for flow and logs. Before you start creating a new alert, keep the following in mind:
* You create an alert for a source type. All the flow and logs of that source type automatically fall into that alert.
* Create only one alert per source type with the same rule.
* If you want a different alert for specific flow/logs with the same rule (other than what you are creating for the source type), exclude them from the alert.
* If you want to create an alert for specific flow/logs with the same rule (that you excluded while creating the source type), include them in the alert.
To create an alert in this section, click on the + New button on the top panel of the screen.
To create a flow/log alert, click on Alerts tab > Flow/Log Alert > New Flow/Log icon.
A slider will open for you to provide details for the alert.
Flow/Log Alert Name: Provide the name of the flow/log alert.
Alert Status: Select a status for the flow/log alert.
Enabled: When selected, the alert will be active.
Disabled: When selected, the alert will be disabled.
Alert Type: Select the type of the alert: Scheduled/Real Time
Scheduled: Sends the alert at the scheduled time. Selecting this radio button displays controls to configure the scheduler.
Real Time: Whenever an alert is generated, the system notifies you in real time.
Alert Window: Define a time frame here. Motadata will generate alert logs for this time frame. Create the time frame using the field and the drop-down next to it: provide a number in the field and select the time range from the drop-down. We recommend generating logs every 10 seconds.
Filter: Filters return only the requested data (out of all the data).
Source Type: This includes the types of the flow/logs that are captured by Motadata.
Filter: You may further filter the information based on:
* Tag
* Monitor
* RPE
* Department
Include: The tags, monitors, RPEs and departments associated with the source type automatically show up in the drop-down menu. Click on the checkbox corresponding to the entity you want to include. Use this if you want to create a specific alert for a metric of any flow or log.
Exclude: The tags, monitors, RPEs and departments associated with the source type automatically show up in the drop-down menu. Click on the checkbox corresponding to the entity you want to exclude. Use this if you want to create a different alert for a metric of any flow or log.
Rule
Source Host: Based on the source type you select (in the Filter section), the host is the list of information that Motadata fetches from the source. Select a value for which you want to generate the alert.
Value/Count: Select the suitable option for the alert condition. When you select ‘Value’, the system will evaluate the flow/log values that match the provided input. When you select ‘Count’, the system will evaluate the system counts against the provided input.
Equal: Select the operator for the value. Equal is selected as the default operator.
Value: Type the value for evaluation. The filter uses this input to compare with system values.
You can add more than one rule. Click on the button to add another rule. Also select the conjunction of the two rules.
Action
The group defines the type of action and when the alert is triggered.
Severity: Select a severity for the alert. Every severity has a color code. The color helps you visualize the severity on the flow/log tab in the alert stream and on the index page of flow/log alerts.
Action: Actions are the output generated by Motadata against an alert. You can use an existing action or create a new action. (To read more, refer to the Actions section: http://docs.motadata.com/user-guide/10.Actions/actions_index.html#actions).
Suppress Action: Turn on the suppress action if you want to suppress the alert for a specific period of time. When you turn on the ‘suppress action’, two options become visible for configuring the suppress time and time units.
Alert
Define the alert title and alert message parameters. This email will be sent to the concerned person when an alert is fired.
Title: Enter the subject of the email.
Message: Enter the body of the email.
List of placeholders
* $NEWLINE$: Starts a new line in the message (line break).
* $alert-id$: Shows the unique alert ID value.
* $alert-name$: Shows the name of the alert.
* $alert-severity-description$: Shows the severity of the alert.
* $alert-triggered-time$: Shows when the alert was triggered.
Note
Leave the alert fields blank to use Motadata’s default email template.
Edit Alert
Click on the edit button on the index page of flow/log alerts. The system will open a screen (similar to the one for creating an alert) with all fields populated.
Delete Alert
Click on the delete button on the index page of flow/log alerts. The system will show a warning asking you to confirm deleting the alert.