Log Insight 4.5: Alert Enhancements

Log Insight 4.5 added some nice enhancements around alerts. I would like to cover all the enhancements in this post. Read on to learn more!

Description and Recommendation

As of Log Insight 4.5, user alerts now support a description as well as a recommendation:

This information is shown no matter what destination(s) are configured for the alert.

Basic Auth for Webhooks

Log Insight introduced webhooks in version 3.3. The feedback has been incredible for this feature. One missing capability was the ability to set basic authentication as part of the webhook. I am happy to announce this feature is available in version 4.5. Simply add the basic authentication in the standard HTTP format:

Of course, I would recommend using HTTPS for this traffic. You can validate that things are working as expected by using the test endpoint available in the webhook shim (be sure to update to the latest version since) together with the send test alert button in the Log Insight UI:

$ > ./runserver.py
2017-11-13 22:48:11,926 INFO Please navigate to the below URL for the available routes
2017-11-13 22:48:11,964 INFO  * Running on http://0.0.0.0:5001/ (Press CTRL+C to quit)
2017-11-13 22:48:16,816 INFO Basic dXNlcjpwYXNz
2017-11-13 22:48:16,816 INFO {"AlertType":1,"AlertName":"Test","SearchPeriod":300000,"HitCount":0.0,"HitOperator":2,
"messages":[],"HasMoreResults":false,"Url":null,"EditUrl":null,"Info":null,"Recommendation":null,"NumHits":0}
2017-11-13 22:48:16,817 INFO 192.168.1.29 - - [13/Nov/2017 22:48:16] "POST /endpoint/test HTTP/1.1" 200 -

If you base64 decode the basic header, you can see it matches what I configured in the UI:

$ > base64 -D
dXNlcjpwYXNz
user:pass

Note that all webhook shims that supported basic auth have been updated to pass basic auth information received in the header — be sure to grab the latest version!
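As the decode above shows, the Basic header is reversible encoding, so a webhook receiver should verify it and keep it out of its logs. The following is an added example, not code from the webhook shim; the function names and the expected `user`/`pass` pair are assumptions taken from the test output above.

```python
import base64
import hmac

# Constructed sample values: the header is the one shown in the test output above.
SAMPLE_HEADER = "Basic dXNlcjpwYXNz"
EXPECTED_USER = "user"
EXPECTED_PASS = "pass"


def parse_basic_auth(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 (binascii.Error) and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    if not sep:
        return None
    return user, password


def is_authorized(header, user=EXPECTED_USER, password=EXPECTED_PASS):
    """Check both fields with a constant-time comparison; never short-circuit."""
    creds = parse_basic_auth(header)
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), password.encode())
    return user_ok and pass_ok


def redact_for_log(header):
    """Log-safe form: keep the scheme, drop the reversible base64 credential."""
    scheme = (header or "").strip().partition(" ")[0]
    return f"{scheme} <redacted>" if scheme else "<none>"


if __name__ == "__main__":
    print(parse_basic_auth(SAMPLE_HEADER))
    print(is_authorized(SAMPLE_HEADER), redact_for_log(SAMPLE_HEADER))
```

In a real receiver the expected credentials would come from configuration or a secret store rather than constants in the source.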

Count for AQ in Alert History

Alert history was added in Log Insight 4.3. One thing this feature was missing was the ability to show the count for aggregation queries. This capability has been added in version 4.5:

API for Alert Execution and History

Another limitation of the alert history in version 4.3 was that no API was made available. As of version 4.5, an API is now available for alert history.

© 2018, Steve Flanders. All rights reserved.

3 comments on “Log Insight 4.5: Alert Enhancements”

Vijay says:

Hi Steve, We use log insight 4.5 in our system test environment to help us smart triage, send alerts, collect VC and ESX logs etc. It’s been very useful. Currently we are trying to automate creating alerts and pushing alerts as we wish. The log insight rest api via https://vmw-loginsight.github.io/#alerts shows there is a POST call to /api/v1/alerts that can take in an alert as json in request body. I tried using it from postman and I get, “errorMessage”: “Handler not found for request POST /api/v1/alerts”. Also https:///rest-api is 404. So there’s not much help as in what’s supported and what’s not.

Hey Vijay — weird as that API is supported. Are you sure you are sending with the “content-type: application/json” header? If so, I would open a SR.

Vijay says:

Got my answer from LI VMW internal slack channel. It’s only supported from 4.6 onwards. We moved to 4.7. Thanks!
