Change Detection Alerts

Change detection alerts notify you when a condition changes, such as HTTP 500 errors in your web access logs. They are based on calculations that you apply to one or more logs or log sets.

Change detection helps you stay on top of critical conditions, such as something that is broken and must be addressed immediately, or errors that are occurring and must be escalated. These alerts minimize the time you spend investigating and resolving errors.

On the Log Search page, you can create alerts in two different ways:

  • auto-populate an alert
  • manually configure an alert

Auto-Populate an Alert

To auto-populate an alert:

  1. Go to the Log Search page.
  2. Select the log or log sets you want in the alert, or use a search query to look for a specific set of logs.
  3. In the top right corner, select the Add Alert button and choose an alert type based on the selected logs. The “Create Alert” panel appears, with applicable steps already pre-populated.
  4. In the “Name” field, name your alert. Optionally provide a description.
  5. If applicable, select the Next button to complete the Trigger section. Read more about Alert Settings.
  6. Click the Skip to Alert link.
  7. In the “Alert Notification” section, define how you will receive notifications. Read more about Alert Settings.
  8. Define a notification throttle to control how many alerts you receive in a specific window of time.
  9. Click Create Alert.

Manually Configure an Alert

To manually configure a change detection alert:

  1. In InsightOps, select the Manage Alerts page, or select the Log Search page from the left menu.
  2. In the top right corner, select the Add Alert button. An empty alert page will appear.
  3. Select Change Detection alert.
  4. In the “Name” section, name your alert and optionally add a description.
  5. In the “Logs” section, select one or more logs or the log sets you want to use in the alert.
  6. In the “Trigger” section, choose a saved query or optionally create a new query using keywords, regex, or LEQL.
    • New queries require that you specify a calculation to use and a key to apply the calculation to. Any change in the key's calculated value will trigger an alert.
  7. Optionally customize the notification settings to define how severe the change is before triggering an alert.
  8. Optionally click the + OR button to add another pattern detection alert on the same logs.
  9. In the “Alert Notification” section, define how you will receive notifications. Read more about Alert Settings.
  10. Define a notification throttle to control how many alerts you receive in a specific window of time.
  11. Click Create Alert.
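
The following added example (not InsightOps code, and not from the original page) sketches the idea behind the "Trigger" and notification throttle steps: a count calculation on a status key, a minimum percentage change, and a throttle. The log format, the window-over-previous-window comparison, and all function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample access-log lines (timestamp, method, path, status).
SAMPLE_LOG = """\
2024-05-01T10:01:10 GET /cart 500
2024-05-01T10:02:30 GET /cart 200
2024-05-01T10:06:45 POST /checkout 500
this line is malformed and is skipped
2024-05-01T10:11:05 POST /checkout 500
2024-05-01T10:13:50 GET /cart 500
2024-05-01T10:15:20 GET /cart 500
2024-05-01T10:16:40 POST /checkout 500
2024-05-01T10:17:15 GET /cart 500
2024-05-01T10:19:59 GET /cart 500
""".splitlines()
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

def count_per_window(lines, status, window):
    """Apply a 'count' calculation to the status key, per time window."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == status:
            ts = datetime.fromisoformat(m.group(1))
            counts[ts - (ts - datetime.min) % window] += 1  # floor to window start
    return counts

def detect_changes(counts, start, end, window, min_pct, throttle):
    """Assumed semantics: compare each window with the previous one."""
    sent, last_sent, prev, t = [], None, None, start
    while t < end:
        cur = counts.get(t, 0)
        if prev is not None and cur != prev:
            # A rise from zero has no finite percentage; treat it as a change.
            pct = abs(cur - prev) / prev * 100 if prev else float("inf")
            throttled = last_sent is not None and t - last_sent < throttle
            if pct >= min_pct and not throttled:
                sent.append((t, prev, cur))
                last_sent = t
        prev, t = cur, t + window
    return sent

WINDOW = timedelta(minutes=5)
START, END = datetime(2024, 5, 1, 10, 0), datetime(2024, 5, 1, 10, 20)
COUNTS = count_per_window(SAMPLE_LOG, "500", WINDOW)
for when, prev, cur in detect_changes(COUNTS, START, END, WINDOW, 100, timedelta(minutes=10)):
    print(f"{when:%H:%M} HTTP 500 count changed {prev} -> {cur}")
```

With a 10-minute throttle, the doubling at 10:15 is suppressed because a notification was already sent at 10:10; setting the throttle to zero reports both changes.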