Log Insight 4.0: New User Alerts Administration

Log Insight takes customer experience seriously. The number two request on the Log Insight community was to improve alerts. I am happy to announce this feature is available in Log Insight 4.0. Read on to learn more!

li-logo

The Problems

Many problems were highlighted regarding alerts, but the top concern by far was that super admins did not have the right to manipulate other user’s alerts. Now arguably there is a good security reason not to enable this feature, but there are compelling arguments on the other side as well. The primary usability issue was that if a user misconfigured an alert, only they were able to fix it. This often lead to mass email spamming, Log Insight query performance issues, and other problems.

The Interim Solution

In Log Insight 3.6, an interim solution was provided in the form of the experimental user impersonation feature. While this experimental feature still exists in Log Insight 4.0, a fully supported solution is now also available.

The Solution

The solution was to introduce a user alert administration page:

li-40-user-alertsThis page lists all defined user alerts on a Log Insight instance. In addition, it provides information about which alerts are enabled, run time, search interval and more. Most importantly, it allows super admins the ability to disable, edit, or even delete any user’s alerts.

The “i”, pencil, and “x” icons should all look similar as they function exactly the same as on other parts of Log Insight. The only new icon is the toggle under the Enabled column. If the toggle is to the right and green then that means it is enabled. If the toggle is to the left and gray then that means it is disabled.

Some other features to be aware of on the page:

  • Columns can be sorted by selecting the column name
  • You can filter by alert name, owner name, or content pack
  • You can choose to only view enabled alerts
  • The “Suspend all user alerts” toggle has been moved from the /admin/general page to this page (/admin/alerts)
  • You can export the user alert table by scrolling all the way to the bottom of the page

li-40-user-alerts2

What about Security

Even with this new administration page, security is a concern. This is mitigated through audit logging. If a super admin makes it change, that change is logged to UI.log:

To confirm which alert was changed, you can search for “Updated alert” in runtime.log:

© 2017 – 2016, Steve Flanders. All rights reserved.

Leave a Reply