Log Insight has always featured user alerts. In Log Insight 3.6, a new threshold has been introduced: When a new event type is seen. Read on to learn more about this new threshold!
Thresholds
Log Insight user alerts notify you when the results of a query meet a certain threshold. Thresholds are critical to ensure you are receiving the right number of alerts at the proper frequency. Because user alerts are based on queries, they are static by nature: if the query returns results and meets the threshold, then you get notified. What if you want to use the same query, but only be notified if you receive a new type of event? Until Log Insight 3.6, this was not possible, but now it is!
Event Types
As I have discussed in the past, event types are part of Log Insight’s native and automatic machine learning capabilities. They provide the ability to cluster similar events together as well as perform schema discovery.
Event Type Threshold
To configure an event type threshold, simply construct the query like you normally would and then select the event type threshold option:
Similar to the Event Types tab, the event type threshold is not configurable. Log Insight automatically discovers event types and will notify when a new one is found for the current alert. Of course, the alert period — shown in darker gray at the bottom of the screenshot above — is how often the alert will fire.
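To make the behavior concrete, here is a simplified illustration added to this post; it is not Log Insight's code or its event type algorithm. It assumes an event type can be approximated by masking variable tokens in a line, and the NewEventTypeAlert class, the masking rules and the sample log lines are all constructed for the example.

```python
import re

# Constructed masking rules for variable fields; order matters (IPs before bare numbers).
_MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<hex>"),
    (re.compile(r"\b\d+\b"), "<num>"),
]

def event_type(line):
    """Reduce a log line to a template by masking its variable tokens."""
    for pattern, token in _MASKS:
        line = pattern.sub(token, line)
    return " ".join(line.split())

class NewEventTypeAlert:
    """Hypothetical alert: one query, fires only on event types not seen before."""
    def __init__(self, query, baseline=()):
        self.query = re.compile(query)
        self.seen = {event_type(l) for l in baseline if self.query.search(l)}

    def evaluate(self, window):
        """Return the event types that first appear in this alert period."""
        new = []
        for line in window:
            if not self.query.search(line):
                continue  # event is outside the alert's query
            etype = event_type(line)
            if etype not in self.seen:
                self.seen.add(etype)
                new.append(etype)
        return new

# Constructed sample events (not real Log Insight data).
BASELINE = ["2016-05-01 10:00:01 ERROR java.lang.NullPointerException at com.example.Cart.add(Cart.java:42)"]
WINDOW_1 = ["2016-05-01 10:07:30 ERROR java.lang.NullPointerException at com.example.Cart.add(Cart.java:42)",
            "2016-05-01 10:07:31 INFO request from 10.0.0.5 served in 12 ms"]
WINDOW_2 = ["2016-05-01 11:15:09 ERROR java.lang.IllegalStateException at com.example.Pay.charge(Pay.java:88)",
            "2016-05-01 11:15:44 ERROR java.lang.IllegalStateException at com.example.Pay.charge(Pay.java:88)"]

if __name__ == "__main__":
    alert = NewEventTypeAlert(r"\bERROR\b", BASELINE)
    for name, window in (("window 1", WINDOW_1), ("window 2", WINDOW_2)):
        print(name, alert.evaluate(window))
```

A plain count-based threshold on the same ERROR query would fire in both windows; this one stays quiet for the repeated exception and reports the new one once.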
© 2016, Steve Flanders. All rights reserved.
Could you give a practical example of how to use this new feature?
Absolutely — I will have a post in a couple weeks. In the meantime, think about something like Java stack traces. If you want to be alerted every time you see a new stack trace. I hope this helps.
Thanks, great article. The way you explain each and everything is really great. You show the benefit of Log Insight 3.6. It is really helpful. I have done it with the help of your article. Thanks for sharing.
Thanks for the comment and I am glad you are enjoying the content!