Skip to main content
Sumo Logic

Lab 6: Create an alert

  1. Last updated
  2. Save as PDF
Now that we have our dashboard and search in place, let's schedule an email alert to let us know when there's an important event in our data.

Part 6: Create an alert

Now that you know how to search through data and understand your data, we can create an alert. Alerts allow you to monitor trends in your data.

For the purposes of this tutorial, let's create an email alert. To do that we'll schedule the search we just created.

  1. Let's select our Visitor Locations Search tab
    Visitor Locations
    and click Save As.
    Save Search As
     
  2. Let's keep the default settings, and click Schedule this Searchclipboard_ecf3015604fc1b7d204d96a388be6444c.png
  3. Next, select Every 15 minutes as the Run Frequency.Run Frequency
  4. You will see the options for alerts in the Save Item window.
    Tutorial Save Item.png
  5. Set the following fields:
    1. Run Frequency. Every 15 minutes. The search will run every 15 minutes at :00, :15, :30, and :45
    2. Time range for scheduled search. Let's set this for Last 3 Hours.
    3. Timezone for scheduled search. This option is great when your source logs are in another timezone but for now, let's leave this at GMT-8:00.
    4. Send Notification. Select Every time a search is complete. You will get an email with search results every 15 minutes based on the selection you made in Run frequency.
    5. Alert Type. Select Email
    6. Send email on failure to search owner. This option is selected by default, but let's unselect the option for this tutorial.
    7. Recipients. Put your own email address. Don't copy my happy_sumo_user@sumologic.com address.
    8. Email Subject. Lets use some variables to make the subject meaningful to you:  
      {{SearchName}} {{FireTime}} {{NumRawResults}}
    9. This will give you a subject line with the name of the saved search, the time that the search ran, and the number of raw messages returned by the search.
    10. Include in email. Choose Results as a CSV attachment to get a CSV file of the results to go with your alert.  (The maximum CSV file size allowed is 5MB or 1,000 results. )
  6. Click Save.
    Soon, you should see your first email alert:
    Alerts Email

    And, also a CSV file named with the search name and timestamp:Visitor Locations CSV
  7. To turn the alert off, open the corresponding query in the Search view, select Edit, then Edit this Search's Schedule:Edit Scheduld Search.jpg
  8. Select Never from the Run frequency dropdown selector, and Update to confirm the changes:RunFrequencyToNever.jpg