I already covered the new UI enhancements in Log Insight 4.3, but there is another cool UI feature I have not mentioned yet: user alert history. Read on to learn more!
Log Insight has always featured the ability to create user alerts. User alerts can be triggered in a variety of ways including via email, vROps, and/or webhooks. One potential limitation of Log Insight user alerts is that they were fire and forget. What I mean is that there was no easy way to tell natively within Log Insight if/when a user alert had triggered. You could go to Manage Alerts on Interactive Analytics and individually run each alert over a desired time range, but this operation would take time and consume resources on Log Insight. What would be really nice is if user alert history could easily be displayed in Log Insight.
I am happy to announce in Log Insight 4.3, user alert history is now available in the UI!
For normal users, now under Manage Alerts on Interactive Analytics you will notice a new alert history icon:
Select this option will show the history of the alert (if any):
You will notice this option also exists for content pack alerts, however you cannot enable content pack alerts today (you must copy to user space) so these will always return “No history for this alert”:
For admin users, now under User Alerts (/admin/alerts) you will notice a new alert history icon next to each alert:
Again you will see the alert history if any exists:
Alert History Details
Here is a little additional information about the alert history details:
- Information only applies to user alerts (not system notifications)
- Information is displayed very similar to email results (aggregation queries do not contain the count column as of LI 4.3)
- Up to the last 20 times the alert triggered are displayed
- Each entry displays the time the alert fired which can be expanded to show the details
- In addition to expanding, the query can be run on Interactive Analytics
- As previously mentioned, content pack user alerts on Interactive Analytics will also display no alert history (because you they cannot be enabled)
Export Alert Table
Oh, and admins can export the alert table by scrolling to the bottom of the page!
© 2017, Steve Flanders. All rights reserved.