Merged
8 changes: 8 additions & 0 deletions docs/open360/_category_.json
@@ -0,0 +1,8 @@
{
"label": "Open360",
"position": 2,
"link": {
"type": "generated-index",
"description": "Meet Open 360, Logz.io's new platform."
},
}
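Review bot: the trailing comma after the closing brace of the `"link": { ... }` object (the `},` on the line before the final `}`) makes this file invalid JSON; strict JSON parsers reject trailing commas, so the Open360 sidebar category will fail to load. Change `},` to `}` so the object ends with two bare closing braces. The same defect is repeated in `docs/open360/alerts/_category_.json` below.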
8 changes: 8 additions & 0 deletions docs/open360/alerts/_category_.json
@@ -0,0 +1,8 @@
{
"label": "Alerts",
"position": 6,
"link": {
"type": "generated-index",
"description": "Create and manage your log and metric alerts."
},
}
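Review bot: same trailing-comma problem as the top-level category file: the `},` after the `"link"` object leaves this `_category_.json` as invalid JSON. Drop the comma so the file ends `}` `}`. It would also be worth confirming that `"position": 6` is the intended slot for Alerts within the Open360 section, since nothing else in this PR shows positions 3 to 5.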
34 changes: 34 additions & 0 deletions docs/open360/alerts/alert-triggers.md
@@ -0,0 +1,34 @@
---
sidebar_position: 7
title: Set Alert Triggers
description: Configure triggers for your alerts
image: https://dytvr9ot2sszz.cloudfront.net/logz-docs/social-assets/docs-social.jpg
keywords: [logz.io, alerts, triggers, log alerts, log analysis, observability]
---



An alert can trigger multiple times over a short period, potentially overwhelming your notification channels with noise. To mitigate this, you can set a waiting period between alert notifications, ranging from 5 minutes to 24 hours.


![Recipients and wait between notifications](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/recipients-and-wait.png)

### Alert escalations and de-escalations configuration

If you add a waiting period between notifications, they do not delay notifications of escalations or de-escalations.

If you have multiple thresholds with different severities configured for an alert, each threshold is evaluated independently. If the same alert triggers multiple times within the waiting period but for _different thresholds_, a notification for each threshold is sent out without waiting.



![Recipients and wait between notifications](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/trigger-if-jun18.png)

### Grouping alert triggers by fields

When an alert includes group-by fields, it is evaluated independently for each set of results.

Grouping results by a field means dividing the log results into distinct groups (or "buckets") based on the values returned for that field. Each _unique value or set of values_ is considered a separate event.

If the same alert triggers multiple times within the waiting period but for _different values_, notifications will be sent out without delay. The waiting period only affects notifications for the exact same set of group-by results.

For example, consider an alert that groups results by city. This alert will trigger separately for each city or set of cities. If the alert triggers for `Paris and London` and then for `Paris, London, and Berlin`, both alerts will be sent without waiting because they are triggered by different sets of values.
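Review bot: the second screenshot reuses the first image's alt text, `![Recipients and wait between notifications](.../trigger-if-jun18.png)`, although the file name indicates it shows the "Trigger if" threshold settings; give it an alt text that describes the thresholds image. In the escalations section, "If you add a waiting period between notifications, they do not delay notifications of escalations or de-escalations." has a dangling "they"; suggest "the waiting period does not delay notifications of escalations or de-escalations." The page also opens directly on the waiting-period paragraph with no lead sentence or heading tying it to the Set Alert Triggers title; a one-line intro naming where in the alert form this is configured would help. Finally, since the text states that the waiting period only suppresses notifications for the exact same set of group-by values, it is worth adding a caution that grouping by a high-cardinality field (the city example shows why) can still produce one notification per distinct value set inside the waiting period.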
230 changes: 230 additions & 0 deletions docs/open360/alerts/configure-alerts-explore.md
@@ -0,0 +1,230 @@
---
sidebar_position: 3
title: Configure an Alert
description: Create and configure alerts in Logz.io Explore Dashboards
image: https://dytvr9ot2sszz.cloudfront.net/logz-docs/social-assets/docs-social.jpg
keywords: [logz.io, alerts, explore, log alerts, log analysis, observability]
---

You can set up Logz.io log alerts to automatically receive notifications about critical issues that require your attention.

:::note
Community plans limit the number of alerts that may be enabled. See the official [pricing page](https://logz.io/pricing/) for details.
:::

## Configuring an alert

:::caution Important
You cannot configure alerts using the `logzio-alert` log type. This type is ignored by the alerts engine.
:::

### Name the alert

Give your alert a meaningful name. When your alert triggers, its name is used as the email subject or notification heading.

:::note
Your alert name can contain letters, numbers, spaces, and special characters. It **can't** contain emojis or any other elements.
:::


### Define search parameters

Next, set the search components. This determines which logs to look for and in which accounts.

<!-- If you intend to create a correlated alert with 2 queries, see [this guide](/docs/user-guide/log-management/log-alerts/correlated-alert). -->


:::note
To perform date range filtering on the `@timestamp` field, include the field as part of a query,
rather than by adding it as a filter: `@timestamp` filters are overwritten.
:::


<h3 id="query-filters"> Build your query and apply filters</h3>

You can use any combination of filters and a search query. Note the following:

* Use a Lucene search query.
* You have the option to use wildcards.

* All filters are accepted, including: **is, is not, is one of, is not one of, exists, does not exist**.


Once you're done refining your search query and filters, you can
click **Preview** to open Explore Dashboard in another tab. It can help review the returned logs and ensure you get the expected results.

<h3 id="groupby"> Utilize Group-by for aggregated results</h3>

:::caution Important
Alerts won't trigger if the field added to the Group-by doesn't exist in the logs. The logs must include **both** the field you have in group-by and the field you use in your query/filter to trigger the alert.
:::


You can apply **group by** operators to up to 3 fields. If you use this option, the alert will return the aggregated results.

The order in which you add group-by fields matters. Results are grouped in the order in which the group-by fields are added. (The fields are shown from first to last from Left-To-Right.)

For example, the following will group results by continent, then country, then city:

![Ordered group by field functions](https://dytvr9ot2sszz.cloudfront.net/logz-docs/correlated-alerts/ordered-group-by_aug2021.png)

If we reverse the order (city, then country, then continent), it will likely generate unintended results.

You can use the group-by to create a visualization of your triggered alerts. The visualization will show the logs caught by the alert, letting you see which group-by values existed when the alert was triggered and which group-by values matched the condition.


<h3 id="relevant-accounts"> Choose accounts to monitor</h3>

Next, select the **Accounts to search**.

* If you select **All accounts**, the alert will query the logs in all the accounts it has access to. It will automatically include any accounts added in the future.

* You can select specific accounts. Select **Just these accounts** and add the relevant accounts from the dropdown list.

<h3 id="thresholds"> Set threshold and severity levels</h3>

Set your threshold and severity levels.

In the _Trigger if..._ section, click **+ Add a threshold** to set up to 5 threshold conditions, each with its own severity tag.

:::note
You can set the trigger condition time frame between 5 minutes and up to 24 hours (1 day). To set a trigger condition longer than 24 hours, use [Logz.io’s API](https://api-docs.logz.io/docs/logz/create-alert) to create your alert.
:::


![Alert trigger thresholds](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/alerts--trigger-settings_aug2021.png)

### Configure alert scheduling

You can use the scheduling mechanism to manage the trigger condition frequency.

Scheduling defines the frequency and the time frame for the alerts. To define a schedule, select **On Schedule** and use a [cron expression](https://www.freeformatter.com/cron-expression-generator-quartz.html) to specify when to trigger the alert.


:::note
The cron expression can only be set in increments rounded to the nearest minute.
:::


![Schedule alert screen](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/schedule-alert.png)

For example, you can apply the following schedule to your alerts:

| Cron expression | Alert trigger schedule |
|-----------------------------------------|------|
| 0 0/10 * ? * * * | Every 10 minutes |
| 0 0 0/1 ? * * * | Rounded to the nearest hour |
| 0 * 8-17 ? * MON,TUE,WED,THU,FRI * | Every minute between 8 am to 5 pm, Monday through Friday |
| 0 5 0 ? * * * | Every day at exactly 12:05 am |

By default, trigger conditions run approximately every minute. If there's a lag, the alert is not checked until all data is received. In addition, once an alert has met its condition and is triggered, it won't be checked again for the remainder of the alert trigger condition time range.

<h3 id="notification"> Optional: Customize notification settings </h3>

<h3 id="description"> Add description and tags</h3>

![Alert description and tags](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/description-and-tags_aug2021.png)

The **Description** is visible on the _Alert definitions_ page, and it's part of the emails and Slack messages sent when the alert is triggered.

We recommend making your description helpful to recipients, like telling them how to fix the issues that led to the alert.

The **Tags** are useful for filtering. For example, they can be used to create filtered visualizations and dashboards or to filter the _Alert definitions_ page.

<h3 id="recipients"> Select alert recipients</h3>

![Recipients and wait between notifications](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/recipients-and-wait_aug2021.png)

Choose notification endpoints if you want to send notifications or emails when the alert is triggered. This isn't required, though—triggered alerts are still logged and searchable in the Explore Dashboard.

Choose the endpoints or email addresses to notify under _Who to send it to_.

<h3 id="additional"> Add extra email recipients</h3>


:::note
Notification emails include up to 10 sample events. If your alert triggers more than 10 events, you can view the complete list in your logs.
:::


To use an **email** as your endpoint, you need to type the email in the Recipients table and click enter.

![Enter custom email](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/add-custom-email.gif)


If you need help adding a new endpoint,
see [_Notification endpoints_](/docs/user-guide/integrations/notification-endpoints/endpoints).

Set a time period between notifications to limit how frequently recipients are notified. Logz.io will continue to log triggered alerts without sending notifications, and you can [review these alerts](/docs/user-guide/explore/explore-log-alerts/alerts-event-management/) directly from the Logz.io platform at any time.

:::note
The system combines the **Trigger if** time interval with the **Wait time** interval to calculate how long it should snooze notifications and chooses the more extended time duration available. For example, if your trigger condition is 1 hour and the wait time is 15 Minutes, the system will snooze notifications for 1 hour before triggering them again.
:::

### Activate AI Agent Analysis

:::note
To use AI Agent Analysis, your alert must include a **Slack notification endpoint** and a **clear description**.
:::

[AI Agent Analysis](/docs/user-guide/observability/ai-agent-analysis/) enables Logz.io’s AI Agent to automatically investigate the cause of an alert the moment it’s triggered—delivering fast, actionable insights to help you understand what happened and why.

To enable it:

* Check the Activate AI Agent Analysis box.

![AI Analysis](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/ai-agent-analysis-checked.png)

* Click **Configure endpoint** and select the Slack channel where the report should be delivered.

![notification endpoint](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/notification-endpoint.png)

* Add a clear description to your alert—this gives the AI the context it needs to produce accurate and helpful results.

Once triggered, the AI Agent will analyze related logs, metrics, and patterns. A summary of its findings will be sent to your selected **Slack channel** and stored in the **AI Agent chat history** for future reference.

:::caution note
AI Agent Analysis runs **once every hour**.
:::

[Learn more about AI Agent Analysis](/docs/user-guide/observability/ai-agent-analysis/).

<h3 id="output"> Select alert's output format & content</h3>

When triggered, the alert will send out a notification with sample data.

Sample data can be sent in either **JSON** or **Table** formats. Toggle the button to select your preferred format.

If the alert includes any aggregation or group by field, the notification output will send the aggregated results by default.

:::tip note
When using Table format, the output is stored as a snapshot and is retained for 30 days before being automatically deleted.
:::

![Output format](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/output_aggregated_aug2021.png)

To be selective about the output, click **<i class="li li-plus"></i> Add a field** and select a field from the dropdown list. If you want, you can also add a sorting rule and a regex filter. [Learn more about regex filters for alert notifications](https://docs.logz.io/docs/user-guide/explore/explore-log-alerts/regex-filters/).

* If you select **JSON** format, you can send the full log (with all fields) or select as many as 7 fields.
* If you select **Table**, you can send as many as 7 fields.

![Output table](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/output-formats_aug2021.gif)



### Save your alert

Click **Save** to save your alert.
If the thresholds are passed and the alert is triggered,
Logz.io will log the alert and send the configured notifications.

### Get alert's ID


Each alert has a unique ID to help you find and share it with your teammates. Once your alert is configured, click the Edit button next to it. Then, the URL will update to include a set of numbers that represents your alert’s ID.

The URL will look like this:

`https://app.logz.io/#/dashboard/alerts/v2019/<<ALERT_ID>>`

![Alert ID](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/alert-id.png)
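Review bot: `<h3 id="notification"> Optional: Customize notification settings </h3>` is an empty section; it is immediately followed by `<h3 id="description">` with no body in between. Either give it content or promote it to a `##` heading that groups the description, recipients, output-format and AI Agent subsections under it. Related: the file mixes Markdown `###` headings with raw `<h3 id=...>` tags and an `<i class="li li-plus"></i>` icon in "Add a field"; Docusaurus supports `### Heading {#id}` for explicit anchors, which keeps the table of contents consistent. The internal links still target `/docs/user-guide/...` (notification endpoints, alerts event management, regex filters, AI Agent Analysis) while this page now lives under `docs/open360/`; please confirm those targets exist or are moved in the same PR, and either resolve or delete the commented-out correlated-alert link left in the source. In the cron table, "Rounded to the nearest hour" is not what `0 0 0/1 ? * * *` does (it fires at minute 0 of every hour), and `0 * 8-17 ? * MON,TUE,WED,THU,FRI *` fires every minute through 17:59, so "8 am to 5 pm" should read "8:00 am to 5:59 pm". Since the text says notifications carry up to 10 sample events and JSON output can send the full log with all fields to email or Slack endpoints, the output-format section should recommend selecting only the fields recipients actually need so that sensitive log content is not pushed to external notification channels. Minor: the admonition titles `:::caution note` and `:::tip note` are inconsistent with `:::caution Important` used earlier.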
90 changes: 90 additions & 0 deletions docs/open360/alerts/intro-alerts-explore.md
@@ -0,0 +1,90 @@
---
sidebar_position: 2
title: Understanding Log Alerts
description: Monitor your environment with log alerts
image: https://dytvr9ot2sszz.cloudfront.net/logz-docs/social-assets/docs-social.jpg
keywords: [logz.io, alerts, log alerts, log analysis, explore, observability]
---


Log alerts are essential for ensuring you’re notified of critical events. Setting up the right alerts is a cornerstone of proactive development, DevOps, and validation practices.

Logz.io alerts leverage the Explore Dashboard search queries to continuously monitor your logs and notify you when specific conditions are met. Alerts can range from simple searches or filters to complex queries with multiple conditions and varying thresholds.

### Create a log alert

You can create an alert directly from your [Explore Dashboard](https://app.logz.io/#/dashboard/explore), or [build it manually](https://app.logz.io/#/dashboard/alerts/v2019/new) according to your desired configuration.

Open the Explore Dashboard, create a query or simple search to trigger your alert, and click the **Create Alert** button in the top right corner.

You'll be redirected to the Create an alert page, where you can continue configuring your alert.

![Alert from dashboard](https://dytvr9ot2sszz.cloudfront.net/logz-docs/explore-dashboard/alerts/explore-create-alert-oct21.png)

To manually build an alert, navigate to **[Alerts > + New alert](https://app.logz.io/#/dashboard/alerts/v2019/new)** to configure and create an alert.

![Alert from dashboard](https://dytvr9ot2sszz.cloudfront.net/logz-docs/explore-dashboard/alerts/new-alert-oct21.png)

### Review existing alerts

To view a paginated list of all alerts configured for your account, navigate to the [Alerts](https://app.logz.io/#/dashboard/triggers/alert-definitions) section.

You can sort the list by clicking on the column headers or using the top filters. Sort by severity, creator, tags, or alert status.

Use the search bar to find a specific alert quickly.

Click on the corresponding column header to filter alerts chronologically by **name**, **severity**, **creation date**, or **update date**.

![Alert definitions](https://dytvr9ot2sszz.cloudfront.net/logz-docs/explore-dashboard/alerts/alerts-oct21.png)

### Manage Log alerts

You can manage alerts individually or in bulk.

Use search terms and filters to locate the alerts you want to edit. Select them by clicking the checkbox next to each alert, or check the top box to select all visible alerts on the page (up to 25).

![Select alerts](https://dytvr9ot2sszz.cloudfront.net/logz-docs/explore-dashboard/alerts/edit-alerts-oct21.gif)

If you need to edit more than 25 alerts, you can select all alerts that match your search criteria by clicking the hypertext link at the top right of the table.

![Alert bulk actions](https://dytvr9ot2sszz.cloudfront.net/logz-docs/explore-dashboard/alerts/select-alerts-oct21.png)


:::note
You can act on **up to 1,000** alerts simultaneously.
:::


<h3 id="individual">Individual alerts</h3>

Each alert features a **State** button that you can toggle to turn the alert on or off as needed.

To edit, duplicate, or delete an alert, hover over its row to reveal the **Delete** and **Edit** buttons.

Click the **Menu button (:)** to access additional options such as **duplicating** the alert or **viewing the latest events**. Selecting the latter will display the alert query and the number of hits in the Explore Dashboard.

![Alert additional options](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/alert-menu-oct21.png)




<h3 id="multiple"> Multiple alerts</h3>

Choosing one or more alerts opens a top menu with the following actions:

* **Delete** - Delete all selected alerts
* **Activate** - Set all selected alerts to active
* **Deactivate** - Set all selected alerts to inactive
* **Recipient** - Add or replace recipients and notification points

![Alert edit menu](https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/multiple-alerts-oct21.png)

Clicking on the **Recipient** option opens a pop-up with two options:

**Add** - Add new recipients and notification points to the existing ones. This can include Slack channels, email addresses, and more.

**Replace** - Remove existing notification points and recipients, and replace them with new settings. Note that you **won't be able to review** the current notification settings **or revert** this action once saved.

Click **Confirm** to apply your changes.

<img src="https://dytvr9ot2sszz.cloudfront.net/logz-docs/alerts/add-replace-oct21.png" alt="edit-alerts" width="700"/>
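Review bot: under "Review existing alerts", the sentence "Click on the corresponding column header to filter alerts chronologically by **name**, **severity**, **creation date**, or **update date**." contradicts the paragraph three lines above (column headers sort, top filters filter) and "chronologically by name" is not meaningful. Suggest "Click a column header to sort alerts by name, severity, creation date, or update date; use the top filters to filter by severity, creator, tags, or status." and drop the duplicated sort sentence. Both screenshots in "Create a log alert" share the alt text `Alert from dashboard` although the second shows the manual New alert page. "Menu button (:)" most likely means the vertical ellipsis; spell it out so readers can find it. The final `<img ... width="700"/>` is raw HTML while every other image on the page uses `![]()`; prefer the Markdown form unless the width constraint is required. Given that the text states the bulk **Replace** action cannot be reviewed or reverted once saved and can apply to up to 1,000 alerts at once, that warning deserves a `:::caution` admonition rather than an inline note.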