Create Alerts for Detected Events
You can set up alarms for the events detected at ingest time or by the scheduled searches by specifying the threshold, time range, and the notification. When the search criteria meet the threshold value over the specified time interval, an alert is generated and a notification is sent to the specified recipient.
To set up an alarm, you must first create a detection rule to detect an event. The following events can be detected:
- At ingest time based on the predefined condition matching the log content
- Through a scheduled search
The detected events can emit metrics to the Monitoring service. Managing alarms is part of the Monitoring service. Ensure that the required IAM policies are created when you create a detection rule, which will be sufficient to use the alarm feature in the Monitoring service.
- Create the detection rule:
  - For ingest time event detection: Create an ingest time detection rule to detect specific content in the log records at ingest time. See Detect Predefined Events at Ingest Time.
  - For scheduled search event detection: Create a saved search by saving your query. Create a scheduled search by selecting your saved search. See Save a Search and Add It to a Dashboard and Create a Schedule to Automatically Run a Saved Search Query.

  When the specified event is detected, a metric value is posted to the OCI Monitoring service.
- Create an alarm for the metrics posted in the OCI Monitoring service. See Oracle Cloud Infrastructure Documentation - Creating an Alarm.

  If you want to create the alarm before the metric is posted in the OCI Monitoring service, then use the CLI, SDK, or console as described below to specify the metric name.
  - In the OCI Monitoring service console, click Switch to Advanced Mode in the Create Alarm page. In the section Metric description, dimensions, and trigger rule, specify the metric name in the Query code editor using the Monitoring Query Language (MQL) expression.
  - Use create in the CLI. Use the --query-text parameter to provide the Monitoring Query Language (MQL) expression to specify the metric name. See CLI: create.
  - Use the create_alarm method in the SDK. Specify the name of the metric with the parameter query inside the document attached to the create_alarm_details parameter. See Software Development Kits and Command Line Interface.
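
The SDK route above, as an added example that is not Oracle's own code: it builds the MQL expression that names the metric, then passes it as query in create_alarm_details, so the alarm can exist before the first metric value is posted. The metric name, namespace, OCIDs and helper function names are hypothetical placeholders, and the validation patterns are this example's own assumptions, stricter than MQL itself.

```python
import re

# Conservative validation (assumptions of this example, stricter than MQL itself).
_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
_INTERVAL = re.compile(r"^(?:[1-9]|[1-5]\d|60)m$|^(?:[1-9]|1\d|2[0-4])h$|^1d$")
_STATS = {"count", "max", "mean", "min", "rate", "sum"}
_OPS = {">", ">=", "<", "<=", "==", "!="}


def build_mql(metric, interval, statistic, op, threshold, dimensions=None):
    """Build 'metric[interval]{dims}.statistic() op threshold', rejecting unsafe parts."""
    if not _NAME.match(metric):
        raise ValueError(f"invalid metric name: {metric!r}")
    if not _INTERVAL.match(interval):
        raise ValueError(f"invalid interval: {interval!r}")
    if statistic not in _STATS or op not in _OPS:
        raise ValueError("unsupported statistic or operator")
    dims = ""
    if dimensions:
        for key, value in dimensions.items():
            if not _NAME.match(key) or '"' in value:
                raise ValueError(f"invalid dimension: {key!r}")
        pairs = ", ".join(f'{k} = "{v}"' for k, v in sorted(dimensions.items()))
        dims = "{" + pairs + "}"
    return f"{metric}[{interval}]{dims}.{statistic}() {op} {float(threshold):g}"


def alarm_kwargs(name, compartment_id, namespace, query, topic_id, severity="CRITICAL"):
    """Keyword arguments for oci.monitoring.models.CreateAlarmDetails."""
    if severity not in {"CRITICAL", "ERROR", "WARNING", "INFO"}:
        raise ValueError(f"invalid severity: {severity!r}")
    return {
        "display_name": name,
        "compartment_id": compartment_id,
        "metric_compartment_id": compartment_id,
        "namespace": namespace,
        "query": query,  # binds the alarm to the metric by name
        "severity": severity,
        "destinations": [topic_id],  # Notifications topic OCID
        "is_enabled": True,
    }


def create_alarm(kwargs, profile="DEFAULT"):
    import oci  # imported lazily so the builders above run without the SDK
    client = oci.monitoring.MonitoringClient(oci.config.from_file(profile_name=profile))
    details = oci.monitoring.models.CreateAlarmDetails(**kwargs)
    return client.create_alarm(create_alarm_details=details).data
```

Only create_alarm needs the oci package and a configured profile; the metric name and namespace passed in must match what the detection rule emits.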