Send email alert once for same message
Hi,
I am new to SumoLogic and trying to set up an alert to send an email to the support group if the message has 'zero rows' text. I would like to notify on the first instance and give the support team time to fix the issue.
I have a monitor which logs an error message to SumoLogic every 15 mins until it is resolved. I would like to set up a real-time alert from SumoLogic to send an email to the support group. If the message is the same as the previous instance, then it should not send a duplicate email.
I have tried the following criteria, but it fails to send an alert for a few instances.
searchQuery":"_sourceCategory=perfeval/monitor | logcompare timeshift -90m | where _deltaPercentage > 0
I have also tried to set up a 'Real Time' option, but it sends an email every 15 mins with the same message.
I appreciate your thoughts and help.
Regards,
Venkat
Official comment
This sounds a lot like an idea that is gaining traction: https://ideas.sumologic.com/ideas/SL-I-2271 that you may wish to upvote.
For your specific use case, it sounds like you wrote the monitor code. Can it log a timestamp for "first reported", which would be the same every time you write the message? If it can, you can compare first reported to message time and only fire the alert if they fall within 15m of each other.
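The approach suggested in the official comment, as an added Python example that is not part of the thread or Sumo Logic's own code: the monitor stamps each 'zero rows' message with a first_reported time, and the alert check fires only on the first message of an incident. The field names, the log line layout and the in-memory dict (standing in for whatever persistent state the monitor keeps between runs) are assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # the monitor's logging interval, from the thread
LINE_RE = re.compile(r'^(?P<ts>\S+) .*\bfirst_reported=(?P<first>\S+)$')


class Monitor:
    """Monitor side (hypothetical): stamps each 'zero rows' message with the
    time the problem was first seen, so repeats carry the same value."""

    def __init__(self):
        self.first_reported = {}  # table name -> time of first failing check

    def check(self, now, table, row_count):
        if row_count > 0:
            # Resolved: forget the incident so a later failure alerts again.
            self.first_reported.pop(table, None)
            return None
        first = self.first_reported.setdefault(table, now)
        return (f'{now.isoformat()} table={table} msg="zero rows" '
                f'first_reported={first.isoformat()}')


def should_alert(line):
    """Alert side: fire only when the message time is less than one interval
    after first_reported, i.e. on the first message of an incident."""
    m = LINE_RE.match(line)
    if not m:
        return False  # no first_reported field: not a line from this monitor
    ts = datetime.fromisoformat(m.group("ts"))
    first = datetime.fromisoformat(m.group("first"))
    return timedelta(0) <= ts - first < WINDOW


def replay(checks):
    """Run constructed (minutes_offset, table, row_count) checks; return the
    offsets at which an email would be sent."""
    start = datetime(2024, 1, 1, 9, 0)  # constructed start time
    monitor, sent = Monitor(), []
    for offset, table, rows in checks:
        line = monitor.check(start + timedelta(minutes=offset), table, rows)
        if line and should_alert(line):
            sent.append(offset)
    return sent


# Constructed run: fails for 45 min, recovers, then fails again.
SAMPLE = [(0, "orders", 0), (15, "orders", 0), (30, "orders", 0),
          (45, "orders", 120), (60, "orders", 0), (75, "orders", 0)]
print(replay(SAMPLE))
```

The comparison is strict, so a repeat logged exactly one interval later is suppressed; a monitor whose runs drift shorter than 15 minutes would need a narrower window.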
Thank you, Matt, for the response and for pointing to the idea. Yes, I was looking for the same scenario.
I had an Azure function which just checks the tables to see if any table had a zero count and logs to SumoLogic.
Yes, it has a timestamp. But SumoLogic does not keep track of the previous alert before it triggers another one. Is that correct?
Regards,
Venkat