
Monitor FAQ

I was told that new alerting was enabled on my account, but I am not able to see the Monitors tab. Why?

You might be in a role that doesn't have permission to access the Monitors page. Ask your admin to provide you with View or Manage access for the Monitors page.

Does Auto Resolution work with all different types of Connections?

Auto Resolution is currently supported natively with Email, Slack, and PagerDuty. Support for other connection types is coming soon.

If an incident persists for a long time, will I get bombarded with repeated notifications?

Sumo Logic’s new monitors are intelligent: each monitor keeps track of the notifications that are sent out and won't send additional notifications after the first one if the incident persists. It will, however, send additional notifications if there is a major change in the state of the monitor, such as a new trigger going from Warning to Critical.

How many monitors can I create? 

In beta, we currently support up to 200 monitors: 100 Log monitors and 100 Metrics monitors.

I am getting an error message about cardinality when creating a Metrics monitor. What does it mean?

Metrics monitors can evaluate up to 15K time series. If your monitor query returns more than 15K time series, you'll get this error. If you are facing this, we recommend breaking up the monitor into several smaller ones with more restrictive queries.

For example, instead of creating one monitor to alert on CPU utilization, break it up into one monitor per deployment or service. This also gives you more flexibility to set customized thresholds and helps reduce alert noise.

Can I use “Save to Index” or “Save to Lookup” for Log Monitors, just like I can for Scheduled Searches?

No, Log Monitors don't support these options. 

Are Search Templates supported in Log Monitors?

No, Search Templates are not supported in Log Monitors.

What happens when a trigger condition continues to be met for many days, such as missing data for a couple of days?

If there is no update to an incident after one day, the system automatically expires it. The incident is marked as resolved with the resolution set to Expired.

What happens when more than one Trigger Condition is met? Will I get multiple notifications? 

There are two cases when this can happen. 

  • When both Critical and Warning conditions are met, two separate notifications are generated: one for the Critical condition and one for the Warning condition. Auto resolution, if set up, will work according to the resolution condition for each case.
  • When the Missing Data condition is met after a Critical/Warning incident has already fired, the system resolves the Critical/Warning incident that was created, with the appropriate Resolution reason. The system also creates a new Missing Data incident and notifies you through your configured notification channel.