Logscape Documentation

Articles

Alert Actions

When an alert is triggered any configured actions are executed. Actions are not mutually exclusive. Multiple actions can be executed simoultaneously when an alert is triggered.

Report Action

Reports can be attached to the Email notification that are sent when alerts are triggered. To add a report to an email simply put the Search or Workspace name into the Report field.

To add multiple reports add a comma separated list of Searches and Workspaces. When the alert is triggered a pdf will be attached to the email .

Email Action

Reports can be attached to the Email notifications that are sent when alerts are triggered. To add a report to an email simply put the Search or Workspace name into the Report field.

By default emails are as sent in RAW mode, which is a table showing the events that triggered the alert. Emails can also be sent using the EVENT mode which is a tabular view of the trigger events, where eEach column in the table is a field from the type defined for the data. To enable a mode type '[EVENTS]' or '[RAW]' in the message body of the email.

By default links included in Logscape mails will use HTTP, however this can be modified to HTTPS by setting the

mailLinkProtocol

to "https".

Trigger Events -

The trigger events are the final part of the email. The trigger events follow the datatype fields assigned to the log data. The system fields are included at the end.

======== EVENTS ======== Batch,Time,MinNodeRxSuccess,GridRxSuccess,MinNodeTxSuccess,GridTxSuccess ,RxDeltaPct,TxDeltaPct,Delta,_type,_host,_filename,_tag,_agent,_path,7510,Tue Jul 24 00:16:51 BST 2012,0.9994015559545183,0.9990661590402988,0.6,0.998323681804328,0.0000, 39.8324,1,coh-net,WOK-ENV-COH05,2012072400-network-health.txt,qa-md,CohJmxQAAgent, /var/sb-logs/coherence/qa/market-data/report/2012072400-network-health.txt,

Log To File Action

This action writes the events to a file. The file name can be customised with the following labels

Search - The title of the Alerts Trigger Search
schedule - The title of the Alert
date - Date of the Trigger
time - Time of the Trigger

The following entry:

/var/logs/logscape-alerts-{search}-{YYYYMMDD}.log

will produce the following filename

blockquote /var/logs/logscape-alerts-Agents Down Alert - 20120701.log
Groovy Script Action

When an alert is fired a groovy script is executed when scripts actions are enabled. The groovy script has access to all the event details related to the triggering alert. A HashMap sortedEvents is made available to the groovy script and can used to siphon data out of Logscape into other systems, e.g tickets systems, message buses databases and so on.
Sorted Events Key Map
The events key map contains the following the keys:

Alert Details

name - Alert name

triggerSearch - The trigger search assigned to the alert

triggerCount - the number of events need to trigger the alert

Trigger Events

event - all the trigger events as a map

textEvents - the raw trigger events as it appears in the original data

sortedEvents - the events sorted

sortedMap - a key value sorted list of the events

Other

sysout - use this to print to the Logscape system console

log - use this to output data into Logscape log file

currentTime - The time the alert is fired

The example below will write the events level and message to a database.

sql = Sql.newInstance("jdbc:sqlite:C:/home/logscape/work/trigger-data.db","org.sqlite.JDBC") sortedEvents.each(){ event - server = event["server"] date = event["Date"] level = event["Level"] exception = event["Exception"] sql.execute("INSERT INTO events (date,host,logLevel,message) VALUES ("+date+","+server+","+level+","+exception+")" )

This example sends data to the logger.

import org.apache.log4j.Logger import com.liquidlabs.log.search.ReplayEvent; def id = 0 for (ReplayEvent event : sortedEvents) { def keys = event.keyValueMap.keySet() def values = event.keyValueMap.values() logger.warn("FROMALERT: ["+id+"] keys = " + keys.toString()) logger.warn("FROMALERT: ["+id+"] values = " + values.toString()) id++ }