Sumo Logic Confidential
Monitoring through Alerts
January 2016
How-To Webinar
Agenda
Monitoring Through Alerts
Alert Types
Email
Script Action
ServiceNow
Webhooks
Save to Index
Creating Meaningful Alerts
Sumo Logic Data Flow
Diagram: (1) Data Collection (Collectors, Sources) -> (2) Search & Analyze (Operators) -> (3) Visualize & Monitor (Charts, Dashboards, Alerts)
Alerting
Using a Scheduled Search, you can set Alerts to trigger whenever the search completes or when a certain condition is met.
Alert types include:
• Email
• Script Action
• ServiceNow Connection
• Webhook
• Save to Index
Saving and Scheduling an Alert
1. Save your Search
2. Schedule the Search
3. Specify frequency and time range
4. Specify Alert condition & threshold
5. Specify Alert Type and details
Alert Type: Email
Email Alert can be sent based on Search completion or on meeting a preset condition
• Email contains a representative sample of the first 20 rows of your results
• Clickable links provide all results within the Sumo Logic service
• Note: Max of 120 emails sent per day
Full results available within the Sumo Logic service
Alert Type: Script Action
Can be used to trigger a custom script hosted on a local server.
Steps to Build Script Action:
1. Add a Script Action to the Installed Collector
2. Define and specify your Script
Alert Type: Script Action
Steps to Schedule Script Action:
1. Create, save and schedule the query for the data in question
2. Select Script Action as your Alert Type and provide your newly created Script Action
Key Points
• Your script is hosted where your installed collector lives
• Your script has access to the search results (JSON format)
• Your script can call any other scripts
• Good fit for connecting to on-premises systems behind a firewall
Alert Type: ServiceNow Connection
Integration that creates ServiceNow incident tickets from alerts as well as from messages in search results
Steps to Set up:
1. Build a ServiceNow Connection
2. Schedule a Search
Alert Type: Webhooks
Targets systems that support incoming webhook/HTTP alerts. Easy cloud-to-cloud integration.
Steps to Set up:
1. Build a Webhook Connection
• Templates for common systems
2. Schedule a Search
Alert Type: Save to Index
You can save the results of a search to an index, so your data can be searched at a later time with increased search performance.
For Example: _index=apache_404
• Original query has no aggregation
• Alert saves message detail of each 404 message
• New index (bucket) contains only 404 messages
Save to Index versus Scheduled View
Whenever possible, use a Scheduled View, as it offers safeguards and management features.
However, if you need to use operators that are restricted in SVs, you can use Save to Index instead.
Best Practices: Good Alerts, Bad Alerts
To be meaningful, Alerts should be:
• Actionable – Alerts should have an associated playbook detailing steps to take
• Directed – Alerts should be directed to an individual or group accountable for handling it
• Dynamic – Instead of static thresholds, smart Alerts can track outliers, moving averages and/or abnormal increases.
• Blog Post: 2 Key Principles for Creating Meaningful Alerts
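The "Dynamic" point above, as an added example that is not part of the webinar or of Sumo Logic's own code: a static threshold and a trailing-window outlier/increase rule applied to the same per-timeslice 404 counts, showing where each fires. The JSON payload and its field names (_timeslice, _count) are constructed to resemble an aggregated search result handed to a script and are assumptions, not a documented format.

```python
"""Dynamic vs static alert thresholds over per-timeslice counts (added example)."""
import json
from statistics import mean, pstdev

# Constructed payload: HTTP 404 counts per 5-minute timeslice, oldest first.
# Series A ends with a genuine spike; series B is a baseline that has grown
# over time but is otherwise steady (a static rule pages on it anyway).
SPIKE_JSON = json.dumps([{"_timeslice": i, "_count": c} for i, c in
    enumerate([12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 15, 12, 14, 48])])
GROWN_JSON = json.dumps([{"_timeslice": i, "_count": c} for i, c in
    enumerate([38, 40, 39, 41, 40, 42, 39, 41, 40, 42, 41, 40, 42, 43])])

def counts_from_results(payload):
    """Pull the per-timeslice counts out of the (assumed) JSON result rows."""
    rows = sorted(json.loads(payload), key=lambda r: r["_timeslice"])
    return [int(r["_count"]) for r in rows]

def static_alert(counts, threshold=40):
    """Static rule: fire when the latest bucket exceeds a fixed number."""
    return counts[-1] > threshold

def dynamic_alert(counts, window=12, k=3.0, min_ratio=2.0):
    """Dynamic rule: compare the latest bucket with its own trailing window.

    Fires as an outlier (more than k standard deviations above the trailing
    mean) or as an abnormal increase (at least min_ratio times the mean).
    Returns (fired, detail) so the numbers can go into the alert body.
    """
    if len(counts) < window + 1:
        return False, {"reason": "insufficient history"}
    history, latest = counts[-window - 1:-1], counts[-1]
    mu, sigma = mean(history), pstdev(history)
    if sigma > 0:
        z = (latest - mu) / sigma
    else:  # flat history: any rise is an outlier, no rise is not
        z = float("inf") if latest > mu else 0.0
    ratio = latest / mu if mu > 0 else float("inf")
    fired = z > k or ratio >= min_ratio
    return fired, {"latest": latest, "baseline_mean": round(mu, 2),
                   "z": round(z, 2), "ratio": round(ratio, 2)}

if __name__ == "__main__":
    for name, payload in (("spike", SPIKE_JSON), ("grown", GROWN_JSON)):
        counts = counts_from_results(payload)
        print(name, "static:", static_alert(counts), "dynamic:", dynamic_alert(counts))
```

On the spike series both rules fire; on the grown-but-steady series only the static rule fires, which is the noise a dynamic threshold avoids.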
Summary
Alert Types include:
Email
Script Action
ServiceNow
Webhooks
Save to Index
Alerts should be Actionable and Directed
Meaningful Alerts use Dynamic Thresholds
