Defining a Group Monitor

Owned by Haim Koschitzky
Last updated: Dec 15, 2022 by XPLG Team
4 min read

XpoLog monitors group is an entity containing multiple monitors which can be executed as a group.
The following is a step by step flow to add a monitor group:

  1. From The Monitors console (Monitors and Tasks > Monitors) - select Add Monitors-> New Group Monitor.

  2. Name the Monitors Group, 

  3. Provide a description.

  4. If relevant, enter a SOURCE QUERY that will be applied automatically on all the group's members - this may be used to limit the sources that the group's members will run on regardless of their search query. The SOURCE QUERY uses the search sources syntax ( I.E. apptag.NAME, folder.NAME, log.NAME, server.NAME).

  5. Group Monitor  - Choose the monitors that will be associated with the Monitors Group by doable clicking a monitor. All associated monitors will be displayed in the Selected Members and Privileges list.

  6. Optional:

    1. Schedule Monitor - configure the frequency that you wish to apply for this monitors group  - based on the configured frequency the monitors will scan the log. Note that setting scheduler replaces scheduler of all group members. 

      • Never will turn off the scheduler and will not execute the monitor.

      • Daily will run every day based on time interval (Repeat Every) or at a specific hour (Daily At).

      • Weekly will run on the specified day(s) based on time interval (Repeat Every) or at a specific hour (Daily At).

      • Monthly will run on the specified month(s) on a given day based on time interval (Repeat Every) or at a specific hour (Daily At).

    2. Failure Alerts - configure the failure alerting policy that you wish to apply for this monitors group. The failure alerts policy applies for the group and replaces any individual monitor's alerts policy.

    3. Failure Alerts Policy:

      • Failure - determines the fail criteria of the groups monitor that will trigger an alert. By default, if one of the group members will be marked as failed during execution the group alert will be triggered. Alternatively its possible to determine that only upon a failure of all group members during execution the group alert will be triggered.

      • Once triggered, execute failure actions only after - after a failure, alerts will be sent again only after a specified number of additional failure without a success between.

      • Trigger Alerts:

        • Once per execution: By default the monitor executes the alerts on the latest record that was matched per each execution. This is the recommended option - the last event only. 

        • Each event per execution - the alerts will be triggered on each log record that was matched per each execution (not recommended since the number of records that may be found matched is not limited and the alert will be sent per each one, limited to 100).

    4. Add new Alert - see details on available Alerts.

  7. Positive Alerts - execute a positive alert as an indication that a specified time has passed since last failure. The positive alerts policy applies for all the group monitor members and replaces any individual monitor's alerts policy.

  8. Security - configure security (users/groups) that are associated to the monitors group. The security policy applies for all the group monitor members and replaces any individual monitor's security policy.

  9. Variables - configure variables on the group level. Each variable can be then used in the group’s monitors to be replaced during runtime and save multiple monitors configuration.
    For example: assuming there are 10 monitors under group A. Each of these monitors is sending an alert to multiple addresses and should have some prefix on its email subject which describes the group A.

    1. Create 2 variables:

      1. groupSubjectPrefix with value A Group

      2. groupEmailAddresses with value email1@domain.com;email2@domain.com;email3@domain.com

    2. In the alert of each monitor place a placeholder with the variable name in [square-brackets], it will be replaced during runtime:

      1. Subject: [groupSubjectPrefix]: this is an email alert

      2. To: [groupEmailAddresses]

    3. Changes of the variables on the group level will be used by all monitors that use the placeholders.

  10. AppTags - select the AppTag(s) that are associated to the monitors group. Apptag(s) selection for the monitors group applies for all the group monitor members and replaces any AppTag(s) that are associated with an individual monitor.

  11. Save it.

It will run automatically and apply for all the group members based on the frequency and policy you configured and it. Note that is also possible to run manually all the monitors if needed by right clicking it and selecting the execute option or via the console's Actions menu.

 

To Add a monitor to a group:

  • Create directly into the group:

    • Right click the group icon > Add Monitor, and follow the monitor creation steps.

  • Add an existing monitor to a group:

    • Right click the group icon > Edit

    • Under the GROUP MEMBERS section, select from the 'Choose members from list' part the monitor(s) to be part of the group. Note: only monitors which are not part of any group are displayed in the 'Choose members from list' section.