You can configure alerts in VMware Aria Operations for Logs to send notification events to VMware Aria Operations when specific VMware Aria Operations for Logs alert queries return results beyond a given threshold.

Notification events that VMware Aria Operations for Logs generates are associated with resources in VMware Aria Operations. You can read more about resources in the VMware Aria Operations Getting Started Guide (Custom UI).

Note: Several minutes are required for notification events to appear in the VMware Aria Operations user interface.

Prerequisites

  • Verify that you are logged in to the VMware Aria Operations for Logs web user interface, for which the URL format is https://operations_for_logs-host. Here, operations_for_logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.
  • Verify that your user account is associated with a role that has the relevant permissions for alerts.

    If your user account is assigned a role with view access to alerts (for example, the User role), you can view and manage all the alerts in your organization.

    If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):
    • You can activate or deactivate all the system alerts in your organization.
    • You can create, modify, and remove all the user-defined alerts in your organization.
    For information about roles, see Create and Modify Roles in Administering VMware Aria Operations for Logs.
Also, verify that the connection between VMware Aria Operations for Logs and VMware Aria Operations is configured to activate alert integration. See Configure Log Insight to Send Notification Events to VMware Aria Operations.

Procedure

  1. Expand the main menu and navigate to Alerts > Alerts Definition.
  2. Click Create New.
    Tip: Alternatively you can navigate to the Explore Logs page and create an alert based on a query. Enter a query, and next to the Search button, click "" and select Create Alert from Query.
  3. Enter the alert name, description, and trigger condition as described in Define an Alert.
    The alert name and description are included in the notification event that VMware Aria Operations for Logs sends.
  4. Select Send to VMware Aria Operations.
  5. From the Fallback Object drop-down menu, select a fallback object.
    When integrated with VMware Aria Operations, alerts are sent as notifications to the virtual machines, ESXi hosts, or vCenter Server objects that caused the alert. Alerts raised by other entities are sent to the selected fallback object.
  6. (Optional) From the Criticality drop-down menu, select the criticality level for the notification events that appear in the VMware Aria Operations custom user interface.
  7. (Optional) To cancel the alert in VMware Aria Operations if it is not triggered within a certain period, select the Auto Cancel check box and enter the cancellation period.
  8. Click Save.

Results

When the alert query returns results that match the alert criteria, a notification event is sent to VMware Aria Operations. Alert queries run on a predefined schedule and are triggered only once for a given threshold time range.

The locations of the notification events depend on the VMware Aria Operations user interface that you use. See VMware Aria Operations for Logs Notification Events in VMware Aria Operations.

Example: Configure a Notification Alert to VMware Aria Operations

Assume that in VMware Aria Operations, you have a virtual machine resource named vm-abc.

You have configured VMware Aria Operations for Logs to pull events from the vCenter Server system where the virtual machine vm-abc runs.

You want to receive a notification in VMware Aria Operations each time the vm-abc virtual machine is powered off.

Here is how to configure VMware Aria Operations for Logs to send these notification events to VMware Aria Operations.

  1. In the search text box in the Explore Logs page, enter Power Off virtual machine.
  2. Click Add a Filter, select vc_vm_name.
  3. Click Search.

    If the vm-abc virtual machine has been powered off during the selected time range, the search returns all instances that occurred.

  4. From the drop-down menu on the right of the Search button, select Create Alert from Query.
  5. Enter a name and description for the alert.
  6. Under Trigger Conditions, select Real Time from the time period drop-down menu.
  7. Select Send to vROps.
  8. From the Fallback Object drop-down menu, select vm-abc.
  9. (Optional) Modify the criticality level that is displayed in the VMware Aria Operations custom user interface.
  10. (Optional) Select an auto-cancel setting and cancellation period.
  11. Click Save.

VMware Aria Operations for Logs polls the vCenter Server system at five-minute intervals. If the query returns a new power off virtual machine task from the virtual machine vm-abc, VMware Aria Operations for Logs sends a notification event that is associated with the vm-abc resource in VMware Aria Operations.

What to do next

You can activate, deactivate, or modify the alert.