Smart Alerts for logs

With Smart Alerts for logs, you can automatically receive alerts when specific log messages occur more often than usual, or when a known problem visible in the logs is regressing.

Instana suggests the thresholds and remaining configurations for you. You can add multiple alerting channels to the configuration, and Instana automatically creates a customized alert for you.

Adding an alert

To add an alert, complete the following steps:

  1. From the navigation menu in the Instana UI, select Analytics.
  2. From the Analytics drop-down list, select Logs.
  3. Select the Smart Alerts tab.
  4. Click Add Smart Alert.

Clicking Add Smart Alert opens the alert configuration dialog, where you can configure the Smart Alert.

The alert configuration process includes the following steps:

  1. Define the scope
  2. Define the threshold for violations
  3. Define the time threshold for when to be alerted
  4. Select the alert channels that are to be notified
  5. Define the alert properties
  6. Add custom payloads to be included in alerts

Defining the scope

In the scope section, the log count metric is selected by default. You can narrow down the scope by adding filters based on the log content or underlying infrastructure. The metric results can be grouped with the available grouping tags. Currently, multiple grouping tags are not supported in Log Smart Alerts.

Defining the threshold

Currently, Log Smart Alert supports only the static threshold option. Static thresholds do not change over time. A static threshold is set when you create or modify the Smart Alert. The threshold might stop being relevant after the underlying metric changes significantly. You can select a threshold operator to define the threshold condition.

After the scope and threshold are defined, the chart is plotted based on the historic data for the metric. A maximum of 7 days of historic data is available for visualization in the chart. You can switch between the last 24 hours and the last 7 days of historic data to visualize the historic variations of metric data.

Based on the historic data and threshold conditions, the chart displays the alerts that might trigger with the currently set threshold value.

If you select any grouping options, the grouping results might appear as a table just after the chart. To analyze the metric data trends in the chart against each grouping, select the respective rows in the table.

Defining the time threshold

In the Time Threshold section, you can add more conditions for triggering the alert when the defined threshold for the selected metric is violated.

The following typical condition is often used in practice:

  • Persistence over time: Select a time window and the number of consecutive times of violation. You receive an alert when the metric violates a defined threshold over the defined time window.
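To choose a static threshold and persistence setting before saving the alert, you can model them against your own log history. The following Python sketch is an added example, not Instana code: the one-minute buckets, the function names, and the constructed sample lines are assumptions, and Instana's actual evaluation may differ.

```python
import operator
import re
from datetime import datetime, timedelta

OPERATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

START = datetime(2024, 1, 1, 12, 0)
WIDTH = timedelta(minutes=1)                          # assumed bucket width
ERRORS_PER_MINUTE = [1, 6, 2, 7, 8, 9, 1, 6, 7, 0]    # constructed sample data


def build_sample():
    """Build constructed log lines: '<ISO timestamp> <LEVEL> <message>'."""
    lines = []
    for minute, n in enumerate(ERRORS_PER_MINUTE):
        ts = (START + minute * WIDTH).isoformat()
        lines += [f"{ts} ERROR payment gateway timeout"] * n
        lines.append(f"{ts} INFO heartbeat ok")
    return lines


def bucket_counts(lines, pattern, start, buckets, width):
    """Scope: count lines whose message matches the filter, per time bucket."""
    rx = re.compile(pattern)
    counts = [0] * buckets
    for line in lines:
        ts_text, message = line.split(" ", 1)
        idx = (datetime.fromisoformat(ts_text) - start) // width
        if 0 <= idx < buckets and rx.search(message):
            counts[idx] += 1
    return counts


def preview_alerts(counts, op, threshold, consecutive):
    """Return bucket indexes where an alert would open: the static threshold
    has been violated in `consecutive` buckets in a row."""
    violates = OPERATORS[op]
    run, alerts = 0, []
    for i, count in enumerate(counts):
        run = run + 1 if violates(count, threshold) else 0
        if run == consecutive:        # open once per sustained violation
            alerts.append(i)
    return alerts


if __name__ == "__main__":
    counts = bucket_counts(build_sample(), r"ERROR", START, 10, WIDTH)
    for n in (1, 2, 3):
        print(f"count > 5 for {n} consecutive bucket(s):", preview_alerts(counts, ">", 5, n))
```

Raising the consecutive-violation count from 1 to 3 reduces three alerts on this sample to one, which is the trade-off between alert noise and detection delay that the time threshold controls.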

Adding alert channels

To add alert channels, complete the following steps:

  1. Click Select Alert Channel.
  2. From the list of preconfigured channels, select the channels through which you want to receive the alerts.

For more information about creating channels, see Alert Channels.

Selecting alert properties

Adding more alert properties is optional.

Adding more alert properties provides you with the additional configuration that best suits your needs. You can edit the current title and description of the alert, and define the alert level (warning or critical).

Adding custom payloads

To include an extra payload that is relevant to you in the alert notifications that Instana sends for a specific alert configuration, click Add Row in the Custom Payloads section.

For more information about custom payloads, see Configure Custom Payload Globally.

Both global custom payload and alert-specific custom payload are included in alert notifications if applicable, but the alert-specific configuration has priority over the global configuration. As a result, if you use the same key, the value of the global custom payload field is overridden by the alert-specific one.

The following image shows globally defined custom payloads that are used in the alert configuration:

Read only global custom payload

Currently, public preview supports only a static custom payload.