Thresholds set a limit to the number of triggered alerts.

It is important to understand how thresholds work to ensure that, if enabled, a content pack alert does not unintentionally spam a user. When considering the usage of a threshold, there are two questions you must keep in mind

  • How frequently to trigger the alert? Log Insight comes with pre-defined frequencies. Alerts will only trigger once for a given threshold window.
  • How often to check if an alert state has occurred? An alert is triggered by a query. Alerts, like queries, are not real-time in the current version. For each threshold window, a pre-determined query frequency is allocated. Changing the threshold changes the query time.