XpoLog monitors group is an entity containing multiple monitors which can be executed as a group.
The following is a step by step flow to add a monitor group:
- From The Monitors console (Monitors and Tasks > Monitors) - select Add Monitors-> New Group Monitor.
- Name the Monitors Group,
- Provide a description
- If relevant, enter a SOURCE QUERY that will be applied automatically on all the group's members - this may be used to limit the sources that the group's members will run on regardless of their search query. The SOURCE QUERY uses the search sources syntax ( I.E. apptag.NAME, folder.NAME, log.NAME, server.NAME).
- Group Monitor - Choose the monitors that will be associated with the Monitors Group by doable clicking a monitor. All associated monitors will be displayed in the Selected Members and Privileges list.
- Optional:
- Schedule Monitor - configure the frequency that you wish to apply for this monitors group - based on the configured frequency the monitors will scan the log. Note that setting scheduler replaces scheduler of all group members.
- Never will turn off the scheduler and will not execute the monitor
- Daily will run every day based on time interval (Repeat Every) or at a specific hour (Daily At)
- Weekly - will run on the specified day(s) based on time interval (Repeat Every) or at a specific hour (Daily At)
- Monthly - will run on the specified month(s) on a given day based on time interval (Repeat Every) or at a specific hour (Daily At)
- Failure Alerts - configure the failure alerting policy that you wish to apply for this monitors group - based on the configured frequency the monitors will scan the log. The failure alerts policy applies for all the group monitor members and replaces any individual monitor's alerts policy.
- Failure Alerts Policy:
- Failure - determines the fail criteria of the groups monitor. By default if a single record was found matched to the configured rule, it will be considered as a failure and the alerts will be triggered.
- Once triggered, execute failure actions only after - after a failure, alerts will be sent again only after a specified number of additional failure without a success between.
- Trigger Alerts:
- Once per execution: By default the monitor executes the alerts on the latest record that was matched per each execution. This is the recommended option - the last event only.
- Each event per execution - the alerts will be triggered on each log record that was matched per each execution (not recommended since the number of records that may be found matched is not limited and the alert will be sent per each one, limited to 100).
- Add new Alert - see details on available Alerts
- Positive Alerts - execute a positive alert as an indication that a specified time has passed since last failure. The positive alerts policy applies for all the group monitor members and replaces any individual monitor's alerts policy.
- Security - configure security (users/groups) that are associated to the monitors group. The security policy applies for all the group monitor members and replaces any individual monitor's security policy.
- AppTags - select the AppTag(s) that are associated to the monitors group. Apptag(s) selection for the monitors group applies for all the group monitor members and replaces any AppTag(s) that are associated with an individual monitor.
- Schedule Monitor - configure the frequency that you wish to apply for this monitors group - based on the configured frequency the monitors will scan the log. Note that setting scheduler replaces scheduler of all group members.
- Save it. It will run automatically and apply for all the group members based on the frequency and policy you configured and it. Note that is also possible to run manually all the monitors if needed by right clicking it and selecting the execute option or via the console's Actions menu.
To Add a monitor to a group:
- Create directly into the group:
- Right click the group icon > Add Monitor, and follow the monitor creation steps.
- Add an existing monitor to a group:
- Right click the group icon > Edit
- Under the GROUP MEMBERS section, select from the 'Choose members from list' part the monitor(s) to be part of the group. Note: only monitors which are not part of any group are displayed in the 'Choose members from list' section.