diff --git a/blog-service/2024-10-22-monitors.md b/blog-service/2024-10-22-monitors.md new file mode 100644 index 0000000000..af6e8a47a8 --- /dev/null +++ b/blog-service/2024-10-22-monitors.md @@ -0,0 +1,14 @@ +--- +title: Convert to Anomaly Feature for Log Monitors (Monitors) +image: https://www.sumologic.com/img/logo.svg +keywords: + - monitors + - alerts +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +icon + +We’ve added the **Convert to Anomaly** option, allowing you to convert outlier monitors into anomaly-based monitors for more efficient data usage and reduced alert noise. Please note that this feature is only available for log monitors at this time. [Learn more](/docs/alerts/monitors/settings). diff --git a/docs/alerts/monitors/settings.md b/docs/alerts/monitors/settings.md index 8eee1c0999..8d67326a3a 100644 --- a/docs/alerts/monitors/settings.md +++ b/docs/alerts/monitors/settings.md @@ -8,14 +8,14 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; The monitors page allows you to view, create, manage, and organize your monitors. To access it from the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), select **Manage Data > Monitoring > Monitors**; from the [**New UI**](/docs/get-started/sumo-logic-ui/), select **Alerts > Monitors**. -![monitors page](/img/alerts/monitors/monitors-page.png) +Monitors page ## Monitor attributes Each monitor is assigned the following attributes: * **Name**. Name of the monitor. * **Status**. Shows the status of the monitor - **Normal, Critical, Warning, or Missing Data**. A monitor can be in multiple states at the same time. Normal indicates none of the trigger conditions are met and your data is actively being monitored. - * For **Critical** and **Missing Data** monitors, hover your cursor over its **Status** and click the open icon to view all alerts triggered by that monitor.
monitor shortcut + * For **Critical** and **Missing Data** monitors, hover your cursor over its **Status** and click the open icon to view all alerts triggered by that monitor.
monitor shortcut * **Subscribed**. Indicates whether or not you're subscribed to receive alerts from a monitor. * **Type**. Indicates whether the monitor type is either logs or metrics. * **Tags**. Lists the [tag(s)](#tags) applied to a monitor. @@ -26,11 +26,11 @@ Each monitor is assigned the following attributes: ## Search and filter monitors At the top of the page, you can: -* **Search Monitors**. If you know a monitor's name or partial name, enter that in the input field to run a search.
search monitors input - * **Add a filter**. Click in this field to view a list of available filters, such as Status and Tag, to search monitor attributes. To view all monitors that are currently triggered, click **Status: All Triggered**.
search monitors input -* **Add** > **New Folder**. Creates a folder to organize your monitors.
import-folder -* **Add** > **New Monitor**. Creates a [new monitor](/docs/alerts/monitors/create-monitor).
new-monitor -* **Add** > **Import**. Imports monitors from the exported JSON you copied from the **More Actions** menu in the [Details pane](#monitor-details-pane) of the original monitor.
import-monitor +* **Search Monitors**. If you know a monitor's name or partial name, enter that in the input field to run a search.
search monitors input + * **Add a filter**. Click in this field to view a list of available filters, such as Status and Tag, to search monitor attributes. To view all monitors that are currently triggered, click **Status: All Triggered**.
search monitors input +* **Add** > **New Folder**. Creates a folder to organize your monitors.
import-folder +* **Add** > **New Monitor**. Creates a [new monitor](/docs/alerts/monitors/create-monitor).
new-monitor +* **Add** > **Import**. Imports monitors from the exported JSON you copied from the **More Actions** menu in the [Details pane](#monitor-details-pane) of the original monitor.
import-monitor :::important The **Import** function is provided for you to transfer data immediately. The Sumo Logic JSON format may change without notice. There is no guarantee that you will be able to import the JSON in the future. @@ -38,11 +38,11 @@ The **Import** function is provided for you to transfer data immediately. The Su ## Quick menu -The quick menu allows you to make changes to the monitor without opening the Details pane. Find and hover your mouse over a monitor in the monitors table. A three-dot kebab icon appears on the right of the row. Click the three-dot kebab icon to view a menu with all of the options available in the [Details pane](#monitor-details-pane).
![quick menu](/img/alerts/monitors/quick-menu-monitors.png) +The quick menu allows you to make changes to the monitor without opening the Details pane. Find and hover your mouse over a monitor in the monitors table. A three-dot kebab icon appears on the right of the row. Click the three-dot kebab icon to view a menu with all of the options available in the [Details pane](#monitor-details-pane).
Quick menu.png ## Monitor details pane -The monitor details pane provides additional information about a selected monitor, like its query, trigger conditions, and notification preferences. Select any monitor from your **Monitors** list, and a details pane will appear to the right of the table.
monitor-details.png +The monitor details pane provides additional information about a selected monitor, like its query, trigger conditions, and notification preferences. Select any monitor from your **Monitors** list, and a details pane will appear to the right of the table.
monitor-details.png In addition to the details listed under [Monitor attributes](#monitor-attributes), you'll also see the following: @@ -56,6 +56,24 @@ In addition to the details listed under [Monitor attributes](#monitor-attributes * **Alert Grouping**. * **Trigger Conditions**. Thresholds value that must met for monitor to trigger an alert. Applicable values include Critical, Warning, and Missing Data. These values are set when you create a monitor and can be based on a variety of metrics such as CPU usage, network latency, application response time. + +### Convert to anomaly + +:::note Log monitors only +Metrics monitors not supported at this time. +::: + +Outlier monitors are functionally similar to anomaly monitors, but they tend to generate more noise. From a data usage perspective, anomaly monitors are more cost-effective. + +To reduce data usage and alert frequency, you can convert an existing outlier monitor to an anomaly-based monitor by clicking **Convert to Anomaly**. This action will open a monitor configuration window with the [detection method](/docs/alerts/monitors/create-monitor/#detection-method) preset to **Anomaly**, and you can adjust other settings as needed. You’ll then have the option to either disable the original outlier monitor or keep it active.
convert-to-anomaly + +Alternatively, you can do this from the **Scan Estimates** pop-up.
convert-to-anomaly from scan estimates + +For more guidance on optimizing scan costs on Flex Pricing plans, see: +* [Scan estimates](/docs/manage/partitions/flex/estimate-scan-data) +* [Optimizing scan costs for monitors](/docs/alerts/monitors/monitor-faq/#how-can-i-optimize-scan-costs-for-monitors-when-using-flex-pricing) + + ### View in Log Search The **View in Log Search** button opens a new **Log Search** page with the monitor’s query preloaded in the search field. You can run the query to compare the search results against the threshold values set in your monitor. @@ -79,19 +97,19 @@ Note that the same threshold translating functionality supports to [Creating Mon Click the **Edit** button to make changes to the selected monitor. -edit-monitor +edit-monitor ### Disable a monitor Click the **Disable** button put the monitor in a disabled state so it will not fire any notifications. -disable-monitor +disable-monitor ### Mute a monitor Click the **Mute** button mute the monitor. See also: [Muting Schedules](/docs/alerts/monitors/muting-schedules). -mute-monitor +mute-monitor ### More actions @@ -102,7 +120,7 @@ Click the **More Actions** menu to view more options, including: * **Move**. Moves the monitor to a different path. * **Export**. Provides JSON of the monitor, allowing you to transfer content within Sumo Logic by copying this JSON, then pasting it into the import dialog in the [Library](/docs/get-started/library) location you choose. This JSON format may change without notice.  -monitor more actions +monitor more actions ## Tags @@ -164,4 +182,4 @@ The permissions you set for a folder are inherited by that folder’s subfolders ## Monitor History -In the **Monitor History** tab, you can view the history of all triggered alerts of your selected monitor.
monitor-history.png +In the **Monitor History** tab, you can view the history of all triggered alerts of your selected monitor.
monitor-history.png diff --git a/static/img/alerts/monitors/convert-to-anomaly.png b/static/img/alerts/monitors/convert-to-anomaly.png new file mode 100644 index 0000000000..7f33701b11 Binary files /dev/null and b/static/img/alerts/monitors/convert-to-anomaly.png differ diff --git a/static/img/alerts/monitors/scan-estimates-anomaly.png b/static/img/alerts/monitors/scan-estimates-anomaly.png new file mode 100644 index 0000000000..20e3a0a8f2 Binary files /dev/null and b/static/img/alerts/monitors/scan-estimates-anomaly.png differ