You can configure alerts in vRealize Log Insight to send notification events to vRealize Operations when specific vRealize Log Insight alert queries return results above a given threshold.

Notification events that vRealize Log Insight generates are associated with resources in vRealize Operations. You can read more about resources in the vRealize Operations Getting Started Guide (Custom UI).

Note: Several minutes are required for notification events to appear in the vRealize Operations user interface.

Prerequisites

  • Verify that you are logged in to the vRealize Log Insight web user interface, for which the URL format is https://log_insight-host. Here, log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
  • Verify that your user account is associated with a role that has the relevant permissions for alerts.

    If your user account is assigned a role with view access to alerts (for example, the User role), you can view and manage all the alerts in your organization.

    If your user account is assigned a role with edit or full access to alerts (for example, the Super Admin role):
    • You can activate or deactivate all the system alerts in your organization.
    • You can create, modify, and remove all the user-defined alerts in your organization.
    For information about roles, see Create and Modify Roles in Administering vRealize Log Insight.
  • Verify that the connection between vRealize Log Insight and vRealize Operations is configured to activate alert integration. See Configure Log Insight to Send Notification Events to vRealize Operations.

Procedure

  1. Expand the main menu and navigate to Alerts > Alerts Definition.
  2. Click Create New.
    Tip: Alternatively, you can navigate to the Explore Logs page and create an alert based on a query. Enter a query, and from the drop-down menu next to the Search button, select Create Alert from Query.
  3. Enter the alert name, description, and trigger condition as described in Define an Alert.
    The alert name and description are included in the notification event that vRealize Log Insight sends.
  4. Select Send to vROps.
  5. From the Fallback Object drop-down menu, select a fallback object.
    When integrated with vRealize Operations 6.0 and above, alerts are sent as notifications to the virtual machines, ESXi hosts, or vCenter Server objects that caused the alert. Alerts raised by other entities are sent to the selected fallback object.
  6. (Optional) From the Criticality drop-down menu, select the criticality level for the notification events that appear in the vRealize Operations custom user interface.
  7. (Optional) To cancel the alert in vRealize Operations if it is not triggered within a certain period, select the Auto Cancel check box and enter the cancellation period.
  8. Click Save.

Results

When the alert query returns results that match the alert criteria, a notification event is sent to vRealize Operations. Alert queries run on a predefined schedule and are triggered only once for a given threshold time range.

The locations of the notification events depend on the vRealize Operations user interface that you use. See Log Insight Notification Events in vRealize Operations.

Example: Configure a Notification Alert to vRealize Operations

Assume that in vRealize Operations, you have a virtual machine resource named vm-abc.

You have configured vRealize Log Insight to pull events from the vCenter Server system where the virtual machine vm-abc runs.

You want to receive a notification in vRealize Operations each time the vm-abc virtual machine is powered off.

Here is how to configure vRealize Log Insight to send these notification events to vRealize Operations.

  1. In the search text box in the Explore Logs page, enter Power Off virtual machine.
  2. Click Add a Filter and select vc_vm_name.
  3. Click Search.

    If the vm-abc virtual machine has been powered off during the selected time range, the search returns all instances that occurred.

  4. From the drop-down menu on the right of the Search button, select Create Alert from Query.
  5. Enter a name and description for the alert.
  6. Under Trigger Conditions, select Real Time from the time period drop-down menu.
  7. Select Send to vROps.
  8. From the Fallback Object drop-down menu, select vm-abc.
  9. (Optional) Modify the criticality level that is displayed in the vRealize Operations custom user interface.
  10. (Optional) Select an auto-cancel setting and cancellation period.
  11. Click Save.

vRealize Log Insight polls the vCenter Server system at five-minute intervals. If the query returns a new power off virtual machine task from the virtual machine vm-abc, vRealize Log Insight sends a notification event that is associated with the vm-abc resource in vRealize Operations.

What to do next

You can activate, deactivate, or modify the alert.