Log Insight sends two types of email notifications: system notifications and user-defined notifications.

Administrators can configure Log Insight to send email notifications when certain events occur in the system. The from address of system notification emails is configured by the administrator user on the SMTP configuration page of the Administration UI, in the Sender text box. See Configure the SMTP Server for Log Insight.

Administrator users can also configure Log Insight to send notification emails when the storage capacity drops below a defined threshold.

Every Log Insight user can create alert queries to receive email notifications from Log Insight when certain criteria are met.

Administrator users can disable all user-defined notifications.

| Type | Alert Name | Description |
|---|---|---|
| System | Oldest Data Will Be Unsearchable Soon | This alert notifies you when Log Insight is expected to start decommissioning old data from the virtual appliance storage, and what the expected size of searchable data is at the current ingest rate. Data that has been rotated out is archived if you have configured archiving, or deleted if you have not. The alert is sent after each restart of the Log Insight service. |
| System | Repository Retention Time | This alert notifies you about the amount of searchable data that Log Insight can store at the current ingest rates and in the storage space that is available on the virtual appliance. Admin users can define the storage notification threshold. See Configure Log Insight System Alerts. |
| System | Dropped Events | This alert notifies you that Log Insight failed to ingest all incoming log messages. In case of any TCP message drops, as tracked by the Log Insight server, a system alert is sent in both of the following cases: once a day, and each time the Log Insight service is restarted, manually or automatically. The email contains the number of messages dropped since the last alert email was sent and the total message drops since the last restart of Log Insight. Note: The time in the sent line is controlled by the email client and is in the local time zone, while the email body displays UTC time. |
| System | Corrupt Index Buckets | This alert notifies you that part of the on-disk index is corrupt. A corrupt index usually indicates serious issues with the underlying storage system. The corrupt part of the index is excluded from serving queries. A corrupt index affects the ingestion of new data. Log Insight checks the integrity of the index upon service start-up. If corruption is detected, Log Insight sends a system alert as follows: once a day, and each time the Log Insight service is restarted, manually or automatically. |
| System | Out Of Disk | This alert notifies you that Log Insight is running out of allocated disk space. This alert signals that Log Insight has most probably run into a storage-related issue. |
| System | Archive Space Will Be Full | This alert notifies you that the disk space on the NFS server used for archiving Log Insight data will be used up soon. |
| System | Archive Failure | This alert notifies you that an operation of archiving Log Insight data to the NFS server has failed. This usually means that Log Insight is having trouble connecting to or writing to the NFS server. |
| System | Total Disk Space Change | This alert notifies you that the total size of the partition for Log Insight data storage has decreased. This usually signals a serious issue in the underlying storage system. When Log Insight detects the condition, it sends this alert as follows: immediately, and once a day. |
| System | Pending Archivings | This alert notifies you that Log Insight cannot archive data as expected. The alert usually indicates problems with the NFS storage that you configured for data archiving. |
| System | License is about to be expired | This alert notifies you that the Log Insight license is about to expire. |
| System | License is expired | This alert notifies you that the Log Insight license has expired. |
| User Defined | Alert Queries | This alert notifies you that a query returned results that match the criteria that you have set for the alert. Every user can define alert queries that send email notifications when certain criteria are met. |

See Add an Alert Query in Log Insight to Send Email Notifications.