
Log monitor

Overview

Log monitors alert when a specified type of log exceeds a user-defined threshold over a given period of time. Common use cases for this monitor include:

  • Monitoring code exception errors
  • Build job notifications

Setup

  1. Define the search query. The search query has the same behavior as the Log Explorer search.

  2. (Optional) Define the alert grouping. With or without alert grouping defined, you get one alert when the aggregated value meets the conditions set below. Even if you split the query by host, a single notification is sent if several hosts meet the conditions. This is done to reduce notification noise.

  3. Set alert conditions. The following options can be used:

  • Above
  • Above or equal
  • Below
  • Below or equal

    Then configure the Alert and/or Warning threshold depending on the chosen condition.

  4. Configure your notification options. Refer to the dedicated notifications documentation page for detailed options.

Notifications and log samples

It is possible to add up to 10 samples of logs that triggered the monitor in the notification message. This is available for Slack, Jira, and email notifications.

  • Samples are not displayed for recovery notifications.

Enabling log samples in notifications (screenshot: Activate log samples in message).

Example for a Slack notification (screenshot: Slack notification example).

Multi alerts

For Slack and email notifications, you can enable the top 10 breaching values in your multi alert notifications.

Enabling the top 10 breaching values in notifications (screenshot: Activate log samples in message).

Example for a Slack notification (screenshot: Slack notification example).

No Data alerts and Below Conditions

To be notified when a specific set of logs is no longer received, set the condition to below 1. This notifies you when no logs match the monitor query over the given timeframe.

However, note that when the monitor is split by any dimension (tag or facet) and uses a below condition, the alert is triggered if and only if there are logs for a given group and that group's count is below the threshold, or if there are no logs for all of the groups. A single group that stops sending logs entirely does not trigger the alert on its own.

Examples:

  1. The following monitor, split by service, triggers if and only if there are no logs for all of the services (screenshot: Below monitor split by service).
  2. The following monitor, whose query is restricted to the backend service, triggers if there are no logs for that service (screenshot: Below monitor for backend service).
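
As an added illustration (not Datadog's implementation), the following Python evaluates the two example monitors above against a constructed window of logs and shows why a silent service does not trigger a split below monitor; the sample logs, service names and helper functions are assumptions.

```python
from collections import Counter

# Constructed sample: logs matching the monitor query in the evaluated window,
# as (service, status) pairs. The "backend" service was seen in earlier windows
# but emits nothing in this one (assumed scenario).
WINDOW_LOGS = [
    ("frontend", "error"),
    ("frontend", "error"),
    ("payments", "error"),
]
KNOWN_SERVICES = {"frontend", "payments", "backend"}


def below_unsplit(logs, threshold, service=None):
    """Monitor without grouping, condition 'below threshold'.

    With an optional service filter in the query (example 2: query restricted
    to backend, below 1) the monitor fires when the filtered count drops under
    the threshold, i.e. when no matching logs arrive at all.
    """
    count = sum(1 for svc, _ in logs if service is None or svc == service)
    return count < threshold


def below_split_by_service(logs, threshold, known_services):
    """Monitor split by service, condition 'below threshold'.

    Applies the rule stated on the page: a group triggers only if it has logs
    AND its count is below the threshold; a group with zero logs does not
    trigger on its own. The monitor also triggers when there are no logs for
    all groups. Returns (triggered, breaching_groups, silent_groups).
    """
    counts = Counter(svc for svc, _ in logs)
    if not counts:
        return True, {}, set(known_services)      # no logs at all -> trigger
    breaching = {svc: n for svc, n in counts.items() if n < threshold}
    silent = set(known_services) - set(counts)    # seen before, no logs now
    return bool(breaching), breaching, silent


if __name__ == "__main__":
    # Example 1: split by service, below 1 -> does NOT fire although backend
    # is silent, because frontend and payments still have logs.
    print(below_split_by_service(WINDOW_LOGS, 1, KNOWN_SERVICES))
    # Example 2: unsplit query on backend, below 1 -> fires (count 0 < 1).
    print(below_unsplit(WINDOW_LOGS, 1, service="backend"))
    # Every service silent -> the split monitor fires.
    print(below_split_by_service([], 1, KNOWN_SERVICES))
```

The `silent_groups` value is returned only so the caller can see which known services went quiet without alerting; a dedicated unsplit monitor per critical service (example 2) is what actually catches that case.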

Further Reading