You can configure alert queries in vRealize Log Insight to send email notifications when specific data appears in the logs.


Prerequisites

  • Verify that you are logged in to the vRealize Log Insight Web user interface. The URL format is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

  • Verify that an administrator has configured SMTP to enable email notifications. See Configure the SMTP Server for Log Insight.


Procedure

  1. On the Interactive Analytics tab, run the query for which you want notifications to be sent.
  2. Open the Create or manage alerts menu on the right of the Search button and select Create Alert from Query.
  3. In the Add Alert dialog box, type a name for the alert, and provide a short meaningful description of the event that triggers the alert.

    The alert name and description are included in the email that vRealize Log Insight sends.

  4. Select the Email check box and type the email address to which you want vRealize Log Insight to send the notifications.

    Use commas to separate multiple addresses.

  5. Set the alert threshold.

    Alert Type

      • Any Match: Select the on any match option. Queries run every 5 minutes.

      • Based on the event type: Select the When a new event type is seen option. Queries run every 5 minutes.

      • Based on number of events within a period of time: Select the third option and use the drop-down menus to set the parameters. Queries run based on your selection in the drop-down menu.

      • Based on chart values: Select the fourth option and use the drop-down menus to configure the parameters. This alert type is available only if you group events by at least one field. You cannot create this alert type for charts that visualize only time series. Queries run based on your selection in the second drop-down menu.

    The orange line in the preview chart shows the current threshold.

  6. Click Save.

What to do next

You can enable, disable, or delete your saved alerts.


Alert queries are user specific. You can manage only your own alerts.