Can I get an email when SumoLogic detects a Stopped Detector?

Follow
Avatar
Mike Boehm

When I log in and go to my Collectors page, I always set it from All to Stopped to see if anything isn't working.  I don't know if Stopped just means SL hasn't received any data for a while or if there's other criteria but when something is in that list, normally it means that the Service on the machine is not running.  I simply Start the service and things go back to normal but this requires me checking. 

Is there any way to configure SL so that if it detects a Collector as being "Stopped" I can get an email sent to me so I can go take action right away instead of waiting until I happen to notice?

Thanks.

0

Comments

2 comments

Sort by Date Votes
  • Official comment
    Avatar
    Raghu Murthy

    Hi Mike,

    There is a way to configure Sumo Logic to get alerted when a collector has not ingested for a given threshold setting - for example 60 minutes.

    This of course assumes that you expect that if there was no ingestion in a 60 minute period something is not right otherwise you could see false positive alerts.

    Refer to this Help link that takes advantage of the Data Volume index  (which should be enabled) for complete details regarding the query and how to scheduled the alert

    https://help.sumologic.com/Manage/Ingestion-and-Volume/Monitor-Ingestion-and-Receive-Alerts#Data_not_sent_alert

    Note the pre-requisite

    Prerequisite. All collectors must be sending data before you set this alert. This alert will trigger if any collectors do not send data in the specified time range. 

    Based on the you can extend the time range of the query as needed

    This hourly alert will notify you if any of your collectors have not sent data for the last 24 hours (-24h). and that you extend the time range if 24 hours is not long enough for your data to collect.

     

    Hope that helps

     

    Regards

    Raghu Murthy

     

     

     

     

     

     

    Permalink
  • Avatar
    Graham Watts
    • Edited

    Hi Mike,

    It looks like we are developing enhancements to our Audit logging, which should include a "collector stopped" log. If you don't mind, can you please vote and comment on the below Aha feature request? I know the title mentions "Collector Deleted", but please add your "Collector Stopped" use case in the comments.

    Our PMs will provide and update there, and you will be notified of progress updates ("In Progress", "Released"):

    https://ideas.sumologic.com/ideas/SL-I-783


    Thank you,

    Graham

    0
    Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post