User-defined Alerts

You can define alerts, control the intervals at which alert queries run, and the conditions when VMware Aria Operations for Logs (SaaS) sends alert notifications, by creating one of the following alert types.

Alerts Based on Number of Events Within a Custom Period of Time

The alert query intervals for these alerts, also known as windowed alerts, depend on your settings. A notification is triggered according to your settings, when more or less than X matching logs occur in the last Y minutes.

If this type of alert is triggered, it is snoozed during its time period to prevent duplicate alerts from being raised for the same set of events.

Alerts on Every Match

You can create real-time alerts that match the alert query for every log that is ingested into VMware Aria Operations for Logs (SaaS).

Content Pack Alerts

Content packs can contain alerts. The vSphere content pack that is included in VMware Aria Operations for Logs (SaaS) by default contains several predefined alerts. You can enable these alerts in your environment.

All content pack alerts are deactivated by default.

Alert Evaluation Interval

The alert evaluation interval defines the system's wait time before evaluating the trigger conditions for an alert, after you define the alert. For most trigger periods, the evaluation frequency is 1 minute, which means that the system evaluates the alerts a minute after the alert's trigger period starts.

The table below lists the evaluation interval for alert trigger periods available on the Create a New Alert page:

When defining an alert, if you choose the trigger period as 1 hour, even if an incoming log matches the trigger condition immediately, you will only receive an alert notification after the 15-minute evaluation interval. For example, if the alert trigger period starts at 11 AM, and the alert trigger condition is met at 11:02 AM, you will only receive the alert notification at 11:15 AM.