Which option is better for setting up alerts on sumo logic?

Follow

Ramakrishna Hande

• June 10, 2019 13:29

I have my servers configured in sumologic and logging is done at sumologic. I want to enable some alerts based on logging done.

I see two Options 1) Scheduled searches 2) Metrics. My alerts should be based on the some execution time of the requests, which is being logged on sumo logic. Currently I did scheduled searches and it works. Is there a better way that it is done with metrics ?? In other words, do the metrics have a different purpose / additional advantages ?

0

• 

  Mario Sanchez

  • June 19, 2019 22:48

  Ramakrishna,

  You've done the correct thing: Scheduled Searches.  To clarify, you use Scheduled Searches when you want to create alerts based on your logs, and you use Metric Monitors when you want to create alerts based on your Metrics (i.e. your host server metrics, AWS metrics, etc.).

  To take it a step further, you can create Metrics out of your logs (see Logs-to-Metrics), and then use Metrics Monitors, but I think it would be overkill in your case if the Scheduled Searches do the trick.

  Cheers,

  Mario 

   

  1

  Comment actions Permalink
• 

  Ramakrishna Hande

  • June 20, 2019 08:52

  Thanks Mario, for the response.

  0

  Comment actions Permalink

Please sign in to leave a comment.