LogDNA integrates with Sysdig and allows you to configure alerts, based on log lines ingested by LogDNA, that trigger new events in your Sysdig instance. This integration provides access to custom log metrics data that is useful in debugging and monitoring the health of a system.
For example, you can monitor deployments with a LogDNA view that queries for specific errors during deployment. Then attach to the view an integrated alert that is configured to trigger when more than the expected number of logs with that specific error appear. The integrated alert then sends that event to the Sysdig Events feed.
- Alerts are supported only for Sysdig Monitor events.
- Only presence alerts, not absence alerts, are supported.
- The Sysdig event timestamp will reflect when the alert is received by Sysdig. This will be displayed in the timezone as configured in the Sysdig UI (either local, or UTC)
- The event "description" field will contain a formatted version of the first log line that triggered the alert. Note that the timestamp of this line will differ from the Sysdig event timestamp depending on the configuration of the LogDNA alert.
For general information on alerts and instructions on how to create alerts, see the documentation instructions listed in the “How to create an alert” section of the documentation.
- In either the View-specific or preset Alert modal, select the Sysdig logo to configure a Sysdig alert channel.
- On the Alert modal, define the alert properties (learn more here). After defining the conditions for sending the alert (e.g. how many matching log lines with a certain time frame), you can choose to set a custom schedule for the alert.
- Enter the Sysdig API key. You can find this value by clicking on your user icon in the lower left corner of the Sysdig Monitor UI, and then selecting Settings to display your User Profile page with the "Sysdig Monitor API Token."
- Enter the Sysdig instance URL. This URL is the base URL for your Sysdig Monitor instance. You can choose from the dropdown list of available URLs, or enter your own (for on-premise or other Sysdig installations)
- Select the Severity level for the alert, as you want it to appear in the Sysdig application UI. For example, if the query upon which your view is based searches for multiple failed log-in attempts, you could select High as the severity label.
By default, the Severity level is set to
Click Save Alert.
When the parameters of the alert's conditions are met, the Sysdig UI displays the alerts in the Events feed.
Updated 7 months ago