To create an alert, fill in the form in the General section of the Alerts Config page. This section is open by default when you first land on the page.
Name - The name of the alert. This will appear in the Logscape logs and in the subject line of all emails sent by this alert.
The Search (optional) - Specifies the search used to trigger the alert. The trigger search is executed retrospectively. If this field is left blank, the alert will execute its alert actions every time it runs. This is useful when an hourly or daily report is required: leave the search field blank and set up the appropriate Report and Email action.
Schedule - The schedule defines when the trigger search is run. When it is time to fire the alert, the trigger search is executed. Events that match the trigger conditions are collected historically, for the duration specified in the schedule. Here are a couple of cron schedule examples:
5 * * * * - This pattern executes the trigger search on the 5th minute of every hour.
*/5 * * * * - This pattern executes the trigger search every 5 minutes.
Real-time - A real-time alert is always collecting results and does not close. It collects events as they occur within Logscape; any events that match the trigger conditions fire the alert immediately.
Enabled - This option enables or disables the alert.
Data Group - Defines the scope of the trigger search. Use this option to restrict the events considered to a particular set of tags or data group.
The table below the alert settings shows the last execution of each alert available within Logscape. The Trigger column displays the minimum number of events required to fire the alert, the Last Run field shows the last time the schedule executed the alert search, and the Last Run gives the last time an alert was triggered.
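
As an added example (not Logscape code), the Python sketch below expands the two cron patterns from the Schedule field and computes how long an event waits before the next scheduled trigger search can see it, which is the delay a real-time alert avoids. It assumes standard 5-field cron semantics and that an event is evaluated by the first run at or after its timestamp; the function names and the sample event time are constructed for illustration.

```python
from datetime import datetime, timedelta

# Added illustration, not Logscape code. Assumes standard 5-field cron
# (minute hour day-of-month month day-of-week) and that a scheduled search
# sees an event at the first run at or after the event's timestamp.

def parse_field(field, lo, hi):
    """Expand one cron field: *, */n, a, a-b, a-b/n and comma lists."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        values.update(range(start, end + 1, int(step) if step else 1))
    return values

def fire_times(expr, start, end):
    """Whole minutes in [start, end) at which the expression matches."""
    minute, hour, dom, month, dow = expr.split()
    mins, hours = parse_field(minute, 0, 59), parse_field(hour, 0, 23)
    doms, months = parse_field(dom, 1, 31), parse_field(month, 1, 12)
    dows = parse_field(dow, 0, 6)  # 0 = Sunday
    t = start.replace(second=0, microsecond=0)
    if t < start:
        t += timedelta(minutes=1)
    out = []
    while t < end:
        # Simplification: day-of-month and day-of-week must both match.
        if (t.minute in mins and t.hour in hours and t.day in doms
                and t.month in months and t.isoweekday() % 7 in dows):
            out.append(t)
        t += timedelta(minutes=1)
    return out

def detection_delay(expr, event_time, horizon_hours=25):
    """Time from an event to the next scheduled run, or None if none found."""
    runs = fire_times(expr, event_time, event_time + timedelta(hours=horizon_hours))
    return runs[0] - event_time if runs else None

if __name__ == "__main__":
    event = datetime(2024, 1, 1, 10, 6)  # constructed sample event time
    for expr in ("5 * * * *", "*/5 * * * *"):
        print(expr, "->", detection_delay(expr, event))
```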