Current view: XpoLog V7 (Latest). Available: XpoLog V6 and XpoLog V5


XpoLog comes with a built-in monitoring engine that enables you to monitor log data and get alerts when defined criteria are met.

The monitors console is available in the XpoLog Manager left navigation panel under Monitors and Tasks > Monitors. It lists all defined monitors with their last execution time, defined alerts, search queries, and last status (failure = matching events were detected in the last execution and alerts were sent; success = no matching events were found in the last execution and no alerts were sent).

Using the console, you can define monitors and groups of monitors, export/import monitors between environments, suspend/resume a monitor's execution, and edit or delete monitors.

Alert Types
Monitors can be automated and can send alerts in various forms:

  • Email - sends an email alert to a list of users (make sure you have configured the required mail settings in XpoLog).
    Note - The e-mail list must be in standard e-mail address format; Outlook format is not supported.
    • Email Alert Advanced options
      • Data Attachment - it is possible to add the following to the email alert:
        • Append event to end of email body - add to the email body the latest log event that triggered the alert in the current execution
        • Attach a dashboard - attach one of the existing Dashboards to the email
        • Attach matched events as: attach to the email all the records which triggered the alert in the current execution, as a file of one of the available types: CSV / Tab Delimited / XML
          • Check to zip the attached file: when 'Attach matched events as' is checked, determines whether the attachment will be zipped.
      • From Email Address - it is possible to customize the 'From' email address (by default the system email address is used).

      Note: XpoLog sends email alerts in HTML format, so use the HTML <br> element to produce a line break in the email body.
  • SNMP Traps - sends an SNMP trap (make sure you have configured the required SNMP account in XpoLog).
  • JMS Messages - sends a JMS message (make sure you have configured the required JMS account in XpoLog).
  • Batch Alert (Custom Scripting) - an open mechanism which executes any script as part of the monitor's failure.
    • Custom Scripting Details: it is possible to export all the records which triggered the alert in the current execution to a file (Program/Script path=CMD echo "export").
    • Custom Scripting Alert Advanced options:
      • Export Data - exports all the records which triggered the alert in the current execution to a file of one of the available types (under the Custom type it is also possible to export only selected fields).
        You can add the placeholder [TIMESTAMP] to the file name in order to create a new file for each execution that triggers the alert.
  • REST API Call - it is possible to call a URL (POST/GET/PUT/DELETE) and send information which was detected in the monitor execution.
  • Slack - publishes a message to Slack channel(s) - make sure you have configured the required Slack settings in XpoLog.
  • Microsoft Teams - publishes a message to MS Teams channel(s) - make sure you have configured the required MS Teams settings in XpoLog.
  • PagerDuty - opens an incident in PagerDuty service(s) - make sure you have configured the required PagerDuty settings in XpoLog.

Runtime Placeholders

XpoLog can add additional information to alerts from the logs and monitors which are executed, such as log name, monitor name, log column content, etc. It is also possible to add selected log fields to monitor alerts by placing the following placeholders in any of the alerts listed above (case sensitive):

  • [SEARCH_QUERY] = By default, the search query used in the search monitor is presented in the alert's subject. Since the search query may be long, it is possible to include this placeholder in the email body instead; it is replaced with the query upon execution.
  • [END_OF_SUBJECT] = Used at the end of the message subject when there is a need to exclude the search query from the subject.
  • [COLUMN_NAME] = the name of the column whose content will be included
  • [MONITOR_ID] = the unique id of the monitor
  • [MONITOR_NAME] = the name of the monitor
  • [MONITOR_STATUS] = the monitor status: 1 = failure, 0 = success
  • [LOG_NAME] = the log name that the included event originated from
  • [LOG_ID] = the log name that the included event originated from
  • [HOST_NAME] = the host name that the included event originated from
  • [APPTAGS] = the application(s) name(s) that the monitor is associated with
  • [FOLDER_NAME] = the parent folder name that the included event originated from
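
Because placeholders are case sensitive and email alerts are sent as HTML, an alert template can be checked before it is saved in a monitor. The following is an added example, not XpoLog code: the function name lint_alert, the sample template and the [user] column are assumptions, and any bracketed token that is not a reserved name is treated as a log column reference.

```python
import re

# Reserved placeholders from the list above; matching is case sensitive.
RESERVED = {
    "SEARCH_QUERY", "END_OF_SUBJECT", "MONITOR_ID", "MONITOR_NAME",
    "MONITOR_STATUS", "LOG_NAME", "LOG_ID", "HOST_NAME", "APPTAGS", "FOLDER_NAME",
}
TOKEN = re.compile(r"\[([^\[\]\r\n]+)\]")
END = "[END_OF_SUBJECT]"


def lint_alert(subject, body):
    """Return (field, message) findings for one email alert template."""
    findings = []
    for field, text in (("subject", subject), ("body", body)):
        for name in TOKEN.findall(text):
            # Any other bracketed token is taken to be a log column
            # ([COLUMN_NAME]); only a wrongly cased reserved name is flagged.
            if name not in RESERVED and name.upper() in RESERVED:
                findings.append(
                    (field, f"[{name}] does not match [{name.upper()}] (case sensitive)"))
    if END in subject and not subject.rstrip().endswith(END):
        findings.append(("subject", f"{END} must be the last thing in the subject"))
    if END in body:
        findings.append(("body", f"{END} is a subject marker, not a body placeholder"))
    # Email alerts are sent as HTML, so a bare newline does not render as a break.
    if "\n" in body.strip() and not re.search(r"<br\s*/?>", body, re.I):
        findings.append(("body", "line breaks without <br> will not render in HTML email"))
    return findings


if __name__ == "__main__":
    # Constructed sample template; [user] is a hypothetical log column name.
    subject = "Auth failures on [Host_Name] [END_OF_SUBJECT] (prod)"
    body = "Monitor [MONITOR_NAME] matched in [LOG_NAME]\nUser: [user]\n[SEARCH_QUERY]"
    for field, message in lint_alert(subject, body):
        print(f"{field}: {message}")
```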
