Navigation:  »No topics above this level« Alerting

This chapter deals with creating and managing Alert Queries, Alert Rules and Instances and Alert Events.

 

There are two types of alerts, raw alerts and alerts on indexed files.

 

•Raw alerts are created from raw log data and have the type "raw" for the indexer name. In them you can write regular expression entries (regex). They can be accessed from this alerting screen or by filtering raw log files ( create alert button on logs screen )

 

•Indexed alerts are created from indexed log data and have various names under the indexer tab. They can be accessed via the indexing tab also (via the “create alert query” button)

 

It is also to be noted that Alert Queries, Alert Rules and Alert Events are connected. Here's how.

 

Note:   Alerting Queries and Alert Rules are enabled under the Alerting menu for a user if the config_advanced role is assigned to the user.