com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'html' is unknown.

Defining a Search Monitor

Owned by Haim Koschitzky
Nov 27, 2015
2 min read

XpoLog search monitor runs automatically by the system at scheduled intervals and execute a search query as its monitoring rule. The search monitor can be defined directly from the search console as well.

The following is a step by step flow to add a search monitor with alerts:

1. From The Monitors console (Manager > Log Actions > Monitors) - select Add Search Monitor.
2. Name the Monitor, and add the search query (simple or complex) you wish the monitor to execute.
3. Alerts - Add new Alert. If this is the first time XpoLog is configured to send alerts then you will be asked to enter details that XpoLog can use to send the requested alert. Create the alert and save it.
4. Schedule - configure the frequency that you wish for this monitor - based on the configured frequency the monitor will scan the log. 

  • Never will turn off the scheduler and will not execute the monitor
  • Daily will run every day based on time interval (Repeat Every) or at a specific hour (Daily At)
  • Weekly - will run on the specified day(s) based on time interval (Repeat Every) or at a specific hour (Daily At)
  • Monthly - will run on the specified month(s) on a given day based on time interval (Repeat Every) or at a specific hour (Daily At)

 

5. Save it. It will run automatically based on the frequency you configured and it is also possible to execute a monitor manually if needed by selecting the monitor and click the execute button.

Note: 

  • On each execution, the monitor scans only new records and not the entire log.

 

Advanced section:
 

  • Scan log from last scan point - determines whether the monitor will scan only new records in the log on each execution or the entire log either way. By default this option is selected.
  • Failure - determines the fail criteria of a monitor. By default if a single record was found matched to the configured rule, it will be considered as a failure and the alerts will be triggered. 
  • Once failed, execute failure actions only after - after a failure, alerts will be sent again only after a specified number of additional failure without a success between.
  • Once failed, execute failure actions for - by default the monitor executes the alerts on the latest record that was matched per each execution. This is the recommended option - the last event only. None of the events - no alerts will be sent, the first event only - a single alert on the first record that was matched per each execution, each event - the alerts will be triggered on each log record that was matched per each execution (not recommended since the number of records that may be found matched is not limited and the alert will be sent per each one).

    In case each event is selected, it is recommended to limit the total number of alerts that may be sent per each execution (Maximum number of alerts to send).
  • Positive Alerts - execute a positive alert as an indication that a specified time has passed since last failure.