Log Insight has always featured user alerts. In Log Insight 3.6, a new threshold has been introduced: When a new event type is seen. Read on to learn more about this new threshold!
Log Insight user alerts notify you when the results of a query meet a certain threshold. Thresholds are critical to ensure you receive the right number of alerts at the proper frequency. Given that user alerts are based on queries, they are static by nature — if the query returns results and meets the threshold, then you get notified. What if you want to use the same query, but only be notified if you receive a new type of event? Until Log Insight 3.6, this was not possible, but now it is!
As I have discussed in the past, event types are part of Log Insight’s native and automatic machine learning capabilities. They provide the ability to cluster similar events together as well as perform schema discovery.
Event Type Threshold
To configure an event type threshold, simply construct the query as you normally would and then select the event type threshold option:
Similar to the Event Types tab, the event type threshold is not configurable. Log Insight automatically discovers event types and will notify you when a new one is found for the current alert. Of course, the alert period — shown in darker gray at the bottom of the screenshot above — is how often the alert will fire.
© 2016, Steve Flanders. All rights reserved.