Inactivity Detection Alert

Also known as "Up Down Monitoring," inactivity alerts can be used to notify you when an entire log, log group, or particular pattern becomes inactive for a given time period.

Inactivity alerting is useful for system assets that must be running constantly (such as a critical server). The ability to set the time window of inactivity gives you control over your data, your environment, and your assets, and allows for damage control and prevention of data loss.

On the Log Search page, you can create alerts in two different ways:

  • auto-populate an alert
  • manually configure an alert

You can always switch to a different alert type during configuration.

Auto-Populate an Alert

To auto-populate an alert:

  1. Go to the Log Search page.
  2. Select the log or log sets you want in the alert, or use a search query to look for a specific set of logs.
  3. In the top right corner, select the Add Alert button and choose an alert type based on the selected logs. The “Create Alert” panel appears, with applicable steps already pre-populated.
  4. In the “Name” field, name your alert. Optionally provide a description.
  5. Optionally, select the Next button to complete the Trigger section.
  6. Click the Skip to Alert link.
  7. In the “Alert Notification” section, define how you will receive notifications. Read more about Notification Settings.
  8. Define a notification throttle to control how long the log or log sets are inactive before receiving an alert, and a throttle to control the quantity of alert notifications you will receive. Read more about Alert Throttling.
  9. Click Create Alert.

Manually Create an Alert

To configure an inactivity alert:

  1. In InsightOps, select the Manage Alerts page, or select the Log Search page from the left menu.
  2. In the top right corner, select the Add Alert button. An empty alert page will appear.
  3. Select Inactivity Detection Alert.
  4. In the “Name” section, name your alert.
  5. In the “Logs” section, select one or more logs or log sets you want to use in the alert.
  6. In the optional “Trigger” section, choose a saved query or optionally create a new query using keywords and regex.
    • If you do not add a trigger or pattern, the alert will automatically use the logs to detect inactivity.
  7. Optionally click the + OR button to add another pattern to monitor on the same logs.
  8. In “Trigger Settings,” customize the amount of time a log or pattern must be inactive before it triggers an alert. By default, an inactivity period of five days will trigger an alert.
  9. In the “Alert Notification” section, define how you will receive notifications. Read more about Notification Settings.
  10. Define a notification throttle to control how long the log or log sets are inactive before receiving an alert, and a throttle to control the quantity of alert notifications you will receive. Read more about Alert Throttling.
  11. Click Create Alert.
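
The trigger choices in the steps above (no pattern versus one or more patterns, and the inactivity window) can be reasoned about with the following added Python sketch, which is an illustration and not InsightOps code. The log format, sample lines, and function names are constructed, and tracking each added pattern separately is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): ISO timestamp, then message.
SAMPLE_LOG = """\
2024-03-01T00:00:00 sshd[811]: Accepted publickey for deploy
2024-03-01T00:05:00 backup: job nightly completed
2024-03-02T00:05:00 backup: job nightly completed
2024-03-04T09:00:00 sshd[902]: Accepted publickey for deploy
2024-03-09T12:00:00 sshd[950]: Accepted publickey for deploy
"""

def parse(log_text):
    """Yield (timestamp, message) for each non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            stamp, _, message = line.partition(" ")
            yield datetime.fromisoformat(stamp), message

def inactivity_alerts(log_text, now, window=timedelta(days=5), patterns=()):
    """Return the monitored items that have been silent longer than `window`.

    With no patterns, any log line counts as activity, so the whole log is
    monitored. With patterns, each one is tracked separately (assumption).
    Result: list of (item, last_seen); last_seen is None if never seen.
    """
    monitors = {p: re.compile(p) for p in patterns} or {"<any log line>": None}
    last_seen = {name: None for name in monitors}
    for stamp, message in parse(log_text):
        if stamp > now:
            continue  # ignore events after the evaluation time
        for name, regex in monitors.items():
            if regex is None or regex.search(message):
                if last_seen[name] is None or stamp > last_seen[name]:
                    last_seen[name] = stamp
    return [(name, seen) for name, seen in last_seen.items()
            if seen is None or now - seen > window]

if __name__ == "__main__":
    now = datetime(2024, 3, 10)
    # Whole-log monitoring sees recent sshd lines and stays quiet.
    print(inactivity_alerts(SAMPLE_LOG, now))
    # A pattern scoped to the backup job shows it has been silent too long.
    print(inactivity_alerts(SAMPLE_LOG, now, patterns=[r"backup: job \w+ completed"]))
```

On the sample data the whole-log check reports nothing because unrelated sshd lines keep the log active, while the backup pattern is flagged; this is why a pattern is worth adding when one specific source must never go quiet.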