You can configure alerts in vRealize Log Insight to send notification events to vRealize Operations when specific vRealize Log Insight alert queries return results above a given threshold.
Notification events that vRealize Log Insight generates are associated with resources in vRealize Operations. You can read more about resources in the vRealize Operations Getting Started Guide (Custom UI).
Prerequisites
- Verify that you are logged in to the vRealize Log Insight web user interface, for which the URL format is https://log_insight-host. Here, log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
- Verify that your user account is associated with a role that has the relevant permissions for alerts.
If your user account is assigned a role with view access to alerts (for example, the User role), you can view all the alerts in your organization. However, you can manage only your own alerts.
If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):
- You can activate or deactivate all the system alerts in your organization.
- You can create, modify, and remove all the user-defined alerts in your organization.
For information about roles, see Create and Modify Roles in Administering vRealize Log Insight.
Procedure
Results
When the alert query returns results that match the alert criteria, a notification event is sent to vRealize Operations. Alert queries run on a predefined schedule and are triggered only once for a given threshold time range.
The locations of the notification events depend on the vRealize Operations user interface that you use. See Log Insight Notification Events in vRealize Operations.
Example: Configure a Notification Alert to vRealize Operations
Assume that in vRealize Operations, you have a virtual machine resource named vm-abc.
You have configured vRealize Log Insight to pull events from the vCenter Server system where the virtual machine vm-abc runs.
You want to receive a notification in vRealize Operations each time the vm-abc virtual machine is powered off.
Here is how to configure vRealize Log Insight to send these notification events to vRealize Operations.
- In the search text box on the Interactive Analytics tab, enter Power Off virtual machine.
- Click Add a Filter, select vc_vm_name.
- Click Search.
If the vm-abc virtual machine has been powered off during the selected time range, the search returns all instances that occurred.
- From the drop-down menu on the right of the Search button, select Create Alert from Query.
- Enter a name and description for the alert.
- Under Trigger Conditions, select Real Time from the time period drop-down menu.
- Select Send to vROps.
- From the Fallback Object drop-down menu, select vm-abc.
- (Optional) Modify the criticality level that is displayed in the vRealize Operations custom user interface.
- (Optional) Select an auto-cancel setting and cancellation period.
- Click Save.
vRealize Log Insight polls the vCenter Server system at five-minute intervals. If the query returns a new power off virtual machine task from the virtual machine vm-abc, vRealize Log Insight sends a notification event that is associated with the vm-abc resource in vRealize Operations.