
  • On each execution, the monitor scans only new records and not the entire log.
  • Alerts can also be configured to include the entire result or selected information from the matched log events:
    • Under the Advanced section of the email alert you can attach data:
      Append event to end of email body - matched log events will be included in the email body.
      Attach matched events as a compressed Tab Delimited / CSV / XML file.
    • Selected log fields can be added to monitor alerts by using the following placeholders:
      [SEARCH_QUERY] = the search query used in the search monitor. By default, the query is presented in the alert's subject. Because the query may occasionally be long, this placeholder can be included in the email body, where it is replaced with the query upon execution.
      [COLUMN_NAME] = the name of the column whose content will be included
      [MONITOR_ID] = the unique ID of the monitor
      [MONITOR_NAME] = the name of the monitor
      [MONITOR_STATUS] = the monitor status: 1 = failure, 0 = success
      [LOG_NAME] = the log name that the included event originated from
      [LOG_ID] = the log name that the included event originated from
      [HOST_NAME] = the host name that the included event originated from
      [APPS_ID] = the application(s) name(s) that the included event originated from
      [FOLDER_NAME] = the parent folder name that the included event originated from

 

Advanced section:
 

  • Scan log from last scan point - determines whether, on each execution, the monitor scans only new records in the log or the entire log. By default this option is selected.
  • Failure - determines the failure criteria of a monitor. By default, if a single record is found that matches the configured rule, it is considered a failure and the alerts are triggered.
  • Once failed, execute failure actions only after - after a failure, alerts will be sent again only after a specified number of additional failures with no success in between.
  • Once failed, execute failure actions for - determines which of the matched records trigger the alerts on each execution:
    • The last event only - by default the monitor executes the alerts on the latest record that was matched in each execution. This is the recommended option.
    • None of the events - no alerts will be sent.
    • The first event only - a single alert on the first record that was matched in each execution.
    • Each event - the alerts will be triggered on each log record that was matched in each execution (not recommended, since the number of records that may match is not limited and an alert will be sent for each one).

    If each event is selected, it is recommended to limit the total number of alerts that may be sent per execution (Maximum number of alerts to send).
  • Positive Alerts - execute a positive alert as an indication that a specified time has passed since the last failure.
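
A small model of the failure-action options above, added here as an illustration and not taken from the product. The class, function and field names are hypothetical. It assumes that any matched record counts as a failure (the default) and that the "only after" setting means the first failure alerts and then every N-th additional consecutive failure does.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class MonitorPolicy:                   # hypothetical names, not product settings keys
    events_mode: str = "last"          # "none" | "first" | "last" | "each"
    max_alerts: Optional[int] = None   # "Maximum number of alerts to send"
    repeat_after: int = 1              # additional failures needed before re-alerting

def select_events(matched: List[str], policy: MonitorPolicy) -> List[str]:
    """Choose which matched records of one execution trigger an alert."""
    if not matched or policy.events_mode == "none":
        return []
    if policy.events_mode == "first":
        return matched[:1]
    if policy.events_mode == "last":
        return matched[-1:]
    if policy.events_mode == "each":
        # Without a cap, one noisy execution sends one alert per matched record.
        return matched if policy.max_alerts is None else matched[:policy.max_alerts]
    raise ValueError(f"unknown events_mode: {policy.events_mode}")

def run_monitor(executions: List[List[str]],
                policy: MonitorPolicy) -> List[Tuple[int, List[str]]]:
    """Return (execution index, alerted records) for every execution that alerts."""
    if policy.repeat_after < 1:
        raise ValueError("repeat_after must be >= 1")
    alerts = []
    streak = 0  # consecutive failed executions since the last success
    for idx, matched in enumerate(executions):
        if not matched:        # no match: success, which resets the streak
            streak = 0
            continue
        # Alert on the first failure, then on every repeat_after-th additional one.
        if streak % policy.repeat_after == 0:
            chosen = select_events(matched, policy)
            if chosen:
                alerts.append((idx, chosen))
        streak += 1
    return alerts

# Constructed sample: matched records per execution; an empty list is a success.
SAMPLE_EXECUTIONS = [["e1", "e2", "e3"], ["e4"], [], ["e5", "e6"], ["e7"], ["e8"], ["e9"]]

if __name__ == "__main__":
    print(run_monitor(SAMPLE_EXECUTIONS, MonitorPolicy("last", repeat_after=3)))
    print(run_monitor(SAMPLE_EXECUTIONS, MonitorPolicy("each", max_alerts=2)))
```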