Creating event alerts
About this task
Event alerts are triggered off user-defined events that are created in the Discover Event Manager. For example, you can create an event that accumulates the number of Failed Logins per hour. In the alert definition, if the threshold exceeds 5, you can configure an email to be sent to the interested parties.
One event can be the trigger for multiple alerts. In the above example, you could create a higher-priority alert that is sent to the IT department if the threshold exceeds 20, which could indicate a problem with the web server.
- Events that have the Display in Portal setting disabled are not available for generating alerts.
To create an event alert:
Procedure
- In the Portal, select .
- In the Discover Event Manager, click the Alerts tab.
- In the toolbar, click New Event Alert.
- To create a Canister alert, click New Canister Alert. See Creating canister alerts.
- The Event Alert Properties dialog is displayed:
- Enter a user-friendly name for the alert.
- If no text is entered, a default description is created by appending the event description to the text "Alert On - ". Descriptions do not have to be unique.
- To assign the alert to an alert group, click Select....
A new group name can be entered for the alert, or you can select an
existing group that is selected from the drop-down.
- Groups aid in managing alert display and selection within Discover Event Manager.
- Event groups and alert groups are separate and independent of one another.
- See Creating or editing an alert group.
- To add an event group to your alert, click <Select Event>.
-
Once you have selected your event you can choose a dimension group by clicking
Dimension.
- After choosing a dimension group and clicking OK you will be prompted to define the dimension and value. If you need to choose more than one dimension and value combination, click Add.
- To activate the alert, click the Active check box. When selected, alert is enabled and processed as configured by Discover.
- Configure the properties in each tab:
- To save the alert, click Save Draft. The alert is saved to your local computer.
- To commit the alert to the server, click Save Changes.
- Alert definitions are saved separately from the event information.
The Alert Service becomes aware of the new alert definition when the
alert definitions are refreshed.
- Typically, this interval is 10 minutes.
- To force a refresh, you can restart the Alert Service. However, this method causes all accumulated event alert counts to be reset to zero.