Skip to main content
Sumo Logic

Part 6: Create an alert

Now that we have our dashboard and search in place, let's schedule an email alert to let us know when there's an important event in our data.

Part 6: Create an alert

Now that you know how to search through data and understand your data, we can create an alert. Alerts allow you to monitor trends in your data.

For the purposes of this tutorial, let's create an email alert. To do that we'll schedule the search we just created.

  1. Let's select our Visitor Locations Search tab

    and click Save As.

     
  2. Let's keep the default settings, and click Schedule this Search


    You will see the Save Search As options change to permit alerts.

     
  3. Set the following fields:
    1. Run Frequency. Every 15 minutes. The search will run every 15 minutes at :00, :15, :30, and :45
    2. Time range for scheduled search. Let's set this for Last 3 Hours.
    3. Timezone for scheduled search. This option is great when your source logs are in another timezone but for now, let's leave this at GMT-8:00.
    4. Send Notification. Select Every time a search is complete. You will get an email with search results every  every 15 minutes based on the selection you made in Run frequency.
    5. Alert Type. Select Email
    6. Send email on failure to search owner. This check box is activated by default, but let's uncheck that box for this tutorial.
    7. Recipients. Put your own email address. Don't copy my happy_sumo_user@sumologic.com address.
    8. Email Subject. Lets use some variables to make the subject meaningful to you:

      $SearchName $FireTime $NumRawResults

      This will give you a subject line with the name of the saved search, the time that the search ran, and the number of raw messages returned by the search.
    9. Include in email. Keep the default options of elect a CSV file of the results to go with your alert. Choose Results as a CSV attachment. (The maximum CSV file size allowed is 5MB or 1,000 results. )
  4. Click Save.
    Soon, you should see your first email alert:


    And, also a CSV file named with the search name and timestamp: