You can use the alerting features of IBM® Operations Analytics - Log Analysis to monitor real-time data ingestion and trigger events based on specified conditions.
You can specify conditions and trigger actions such as sending an email notification, running a custom script, or logging an alert. You can also specify custom actions.
To administer the alerts, use the alerts.sh command-line utility. For example, to view all the action templates, enter the following command:
alerts.sh -getAlertActionTemplate
For more information, see alerts.sh command-line utility.
Use the REST API to define conditions and actions. You can also use it to generate lists of the conditions and actions that were created. For more information, see Alerting REST API.
To debug alerts and verify that they are working correctly, you can use an alert action template to log events to a specified log file.
For more information about how to use this feature, see the blogs at https://developer.ibm.com/itoa/blog/.
Conditions
Before you can implement the alerting feature, you need to define the conditions that trigger the alert action. There are two types of condition:
- Base condition
  To trigger alerts based on a single data source and log record, you define a base condition. For example, to send an email notification when the response time exceeds 5 minutes for a specified data source and log record, you define a base condition.
- Composite conditions
  To trigger alerts that are based on time windows, the frequency of base conditions, or multiple data sources, you define a composite condition.
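The difference between the two condition types, as an added Python sketch that is not product code and does not use the Log Analysis REST API or alerts.sh. The record fields, the web01 and db01 data source names, the three-hits-in-ten-minutes rule and the sample records are all constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample records; the field names are assumptions, not a product schema.
RECORDS = [
    {"ts": "2024-05-01T10:00:00", "datasource": "web01", "response_time_s": 120},
    {"ts": "2024-05-01T10:01:00", "datasource": "web01", "response_time_s": 310},
    {"ts": "2024-05-01T10:04:00", "datasource": "web01", "response_time_s": 450},
    {"ts": "2024-05-01T10:05:00", "datasource": "db01", "response_time_s": 900},
    {"ts": "2024-05-01T10:08:00", "datasource": "web01", "response_time_s": 330},
    {"ts": "2024-05-01T10:30:00", "datasource": "web01", "response_time_s": 400},
    {"ts": "2024-05-01T10:45:00", "datasource": "web01", "response_time_s": 500},
]

def base_condition(record, datasource="web01", limit_s=300):
    """Base condition: one data source, one log record, response time over 5 minutes."""
    return record["datasource"] == datasource and record["response_time_s"] > limit_s

def composite_condition(records, base, min_hits=3, window=timedelta(minutes=10)):
    """Composite condition: the base condition is met min_hits times inside one window.
    Returns the timestamps at which the composite alert would fire."""
    hits, fired = deque(), []
    for rec in sorted(records, key=lambda r: r["ts"]):  # ISO timestamps sort as text
        if not base(rec):
            continue
        now = datetime.fromisoformat(rec["ts"])
        hits.append(now)
        while now - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= min_hits:
            fired.append(now)
            hits.clear()                # re-arm so one burst raises one alert
    return fired

if __name__ == "__main__":
    base_hits = [r["ts"] for r in RECORDS if base_condition(r)]
    print("base condition met at:", base_hits)
    print("composite alert fired at:",
          [t.isoformat() for t in composite_condition(RECORDS, base_condition)])
```

On this sample the base condition alone would trigger five actions, while the composite condition triggers one, which is the practical reason to use a composite condition for noisy sources.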
Alerting actions
If a condition is met, IBM Operations Analytics - Log Analysis triggers an action. Built-in actions are:
- Email notifications
  An email notification is sent to one or more users when a condition is met.
- Log alerts
  IBM Operations Analytics - Log Analysis logs alerts to a file. You can use this type of action to debug your alerting implementation.
- Indexing
  An alert is indexed when a condition is met. You can use this action to search for alerts that occurred in a specific time period or to build alert dashboards from the search UI.
- External script
  You can invoke an external script when a condition is met.