Example 1: Cannot communicate with the name server
This example demonstrates how to create an alert, based on a specific Message ID in the log data.
The example queries the z/OS® System Log data, looking for a specific message ID EZZ9308E, indicating an issue with communicating with a name server. An alert is created every time this message ID is identified.
Before you begin
An email notification channel must have been previously created. For information on the steps to create the channel, see Notification channels.
Procedure
Perform the following steps to create the alert monitor:
- Click the menu icon , and then select in the navigation panel.
- If you currently have no alerts, click the Create monitor button in the Alerts tab; otherwise, click the Monitors tab, and then click the Create monitor button.
- Perform the following steps in the Monitor details pane:
- Enter Can’t communicate with a name server in the Monitor name field.
- Select the default option per query from the Monitor type list.
- Select the default option Visual editor from the Monitor defining method list.
- Select the Schedule.
Initially, set the monitor to run every minute to get immediate feedback on whether the trigger is set correctly. When you are okay with the monitor, you might want to change it to run only once every 5 minutes.
- Perform the following steps in the Data source pane:
- Enter the value zoa-zos-syslog-console* in the Index field.
Be sure to press Enter after the asterisk (*).
- Select the option @timestamp in the Time field list.
- Perform the following steps in the Query pane:
- Retain the default value of document count in the Metrics section.
- Enter 15 minutes in the Time range for the last section.
- Enter the filter criteria in the Data filter section:
- Click Add filter.
A new window opens.
- Select MESSAGEID from the Field list.
Regardless of whether the value is manually entered in the field, you must still select the value from the Field list that contains valid values.
- Select is from the Condition list.
Regardless of whether the value is manually entered in the field, you must still select the value from the Condition list that contains valid values.
- Enter EZZ9308E as the value of the field.
As you provide the filter criteria, you can observe that the criteria are built above the window. When MESSAGEID is EZZ9308E is displayed as the criteria, you can click the Close link in the window.
You can open the Preview query and performance section and confirm if these selections correspond to the available data.
- Statistics indicating the performance of the query are displayed, listing the duration of the query and the number of results it found. These statistics help you determine the potential system load when the query is run as a scheduled job.
- A line graph displays the query results in five time range intervals. The results help you to determine whether the time range is reasonable and if valid data is available.
- Perform the following steps to add a trigger:
- Click the Add trigger button, and then open the New trigger section.
- Enter Unreachable name server in the Trigger Name field.
- Retain the default option of 1 in the Severity level list.
- Select the condition IS ABOVE and enter a value of 1 in the Trigger condition field.
The data that is ingested during time range intervals is displayed in a line graph. Additionally, the trigger condition is represented as a red horizontal line, overlaying the line graph. This representation provides you with an understanding of potential alerts that might be triggered in future monitor iterations.
- Perform the following steps to add an action within the trigger:
- Enter Notify administrator of unreachable name server in the Action name field.
- Select a channel in the Channels list.
- Enter Unknown name server in the Message subject field.
- Retain the default message-body text in the Message field.
Check the Preview message selection or click the Send test message button to preview your message.
- Click the Create button at the end of the page.
- An overview of the monitor settings.
- The trigger with the number of actions it performs and its severity.
- A history of the trigger state that is represented as a bar chart.
The bar is green (no alerts) until the monitor results in an alert or encounters an error for the first time. Errors are indicated through a change of the bar to a light gray color; triggered alerts are indicated through a change to red.
- A list of alerts that were generated by this monitor.
- Until an alert is triggered, the list is empty.
- When an alert is triggered, it displays the following details:
- A start and end time
- The name of the trigger that generated it
- The severity
- The state
- The time it was acknowledged (if it was acknowledged)
- From this list, alerts can be searched and acknowledged.
- The monitor name and whether it is enabled.
- The monitor type.
- The last alert that it triggered and the time it was triggered.
- The number of alerts that are Active, Acknowledged, have Errors, and Ignored (moved to the Completed state).
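
The monitor defined in the procedure above, replayed over a few log records, as an added example that is not part of the original page or the product's own code. The record layout and sample values are constructed, and IS ABOVE is assumed to be a strict greater-than comparison; the run shows on which scheduled evaluations the trigger condition would be met.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # Query pane: "Time range for the last" 15 minutes
MESSAGE_ID = "EZZ9308E"          # Data filter: MESSAGEID is EZZ9308E
THRESHOLD = 1                    # Trigger condition: IS ABOVE 1

# Constructed sample records; only the @timestamp and MESSAGEID field names
# come from the page, the timestamps and the second message ID are made up.
T0 = datetime(2024, 1, 1, 12, 0)
RECORDS = [
    {"@timestamp": T0 + timedelta(minutes=1), "MESSAGEID": "EZZ9308E"},
    {"@timestamp": T0 + timedelta(minutes=3), "MESSAGEID": "IEF403I"},
    {"@timestamp": T0 + timedelta(minutes=6), "MESSAGEID": "EZZ9308E"},
    {"@timestamp": T0 + timedelta(minutes=7), "MESSAGEID": "EZZ9308E"},
]

def document_count(records, run_time):
    """Count records matching the data filter inside the look-back window."""
    start = run_time - WINDOW
    return sum(1 for r in records
               if r["MESSAGEID"] == MESSAGE_ID
               and start < r["@timestamp"] <= run_time)

def trigger_fires(count):
    """Assumption: IS ABOVE means strictly greater than the entered value."""
    return count > THRESHOLD

def simulate(records, first_run, runs, every=timedelta(minutes=1)):
    """Evaluate the monitor on its schedule; return (run_time, count, fired)."""
    results = []
    for i in range(runs):
        run_time = first_run + i * every
        count = document_count(records, run_time)
        results.append((run_time, count, trigger_fires(count)))
    return results

def firing_minutes(records, first_run, runs):
    """Minute offsets from first_run at which the trigger condition is met."""
    return [i for i, (_, _, fired)
            in enumerate(simulate(records, first_run, runs)) if fired]

if __name__ == "__main__":
    for run_time, count, fired in simulate(RECORDS, T0, 25):
        print(run_time.strftime("%H:%M"), count, "ALERT" if fired else "-")
```

With these constructed records, the single EZZ9308E at minute 1 leaves the count at 1, so the condition is first met at minute 6. It stays met through minute 20, until the earlier matches age out of the 15-minute window.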