You can configure alert queries in vRealize Log Insight to send notification events to vRealize Operations Manager when specific vRealize Log Insight queries return results above a given threshold.

Notification events that vRealize Log Insight generates are associated with resources in vRealize Operations Manager. You can read more about resources in the vRealize Operations Manager Getting Started Guide (Custom UI).

Note

Several minutes are required for notification events to appear in the vRealize Operations Manager user interface.

Verify that you are logged in to the vRealize Log Insight Web user interface. The URL format is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Verify that an administrator has configured the connection between vRealize Log Insight and vRealize Operations Manager to enable alert integration. See Configure Log Insight to Send Notification Events to vRealize Operations Manager.

1

On the Interactive Analytics tab, run the query for which you want notifications to be sent .

2

From the Create or manage alerts menu on the right of the Search button, click and select Create Alert from Query.

3

In the Add Alert dialog box, type a name for the alert, and provide a short and meaningful description of the event that triggers the alert.

The alert name and description are included in the notification event that vRealize Log Insight sends.

Note

The description of the alert is only visible in the email message that vRealize Log Insight sends.

4

Clear the Email check box or provide at least one email address to receive the notification events.

Use commas to separate multiple addresses.

5

Select Send to vRealize Operations Manager.

6

Specify a fallback object.

When integrated with vRealize Operations Manager 6.0 and above, alerts are sent as notifications to the virtual machines, ESX hosts, or vCenter server objects that caused the alert. Alerts raised by other entities are sent to the selected fallback object.

a

Click Select.

b

In the Select vRealize Operations Manager Resource to Receive Alert dialog box, type a resource name or browse for an object in the list.

Option

Description

Active VMs

Select to view only resources that are powered on.

All Resources

Select to view all resources, regardless of their power state.

7

(Optional) From the Criticality drop-down menu, select the criticality level for the notification events that appear in vRealize Operations Manager Custom user interface.

8

(Optional) Select the Auto Cancel check box to automatically clear alerts in vRealize Operations Manager after 10 minutes.

9

Set the alert threshold.

Alert Type

Selection

Any Match

Select the on any match option.

Queries run every 5 minutes.

Based on the event type

Select the When a new event type is seen option.

Queries run every 5 minutes.

Based on number of events within a period of time

Select the third option and use the drop-down menus to set the parameters.

Queries run based on your selection in the drop-down menu.

Based on chart values

Select the fourth option and use the drop-down menus to configure the parameters.

Note

This alert type is available only if you select to group events according to at least one field. You cannot create this alert type for charts that visualize only time series.

Queries run based on your selection in the second drop-down menu.

The orange line in the preview chart shows the current threshold.

10

Click Save.

When the alert query returns results that match the alert criteria, a notification event is sent to vRealize Operations Manager. Alert queries run on a predefined schedule and are triggered only once for a given threshold time range.

The locations where notification events appear depend on the vRealize Operations Manager user interface that you use. See Log Insight Notification Events in vRealize Operations Manager.

Assume that in vRealize Operations Manager you have a virtual machine resource named vm-abc.

You have configured vRealize Log Insight to pull events from the vCenter Server system where the virtual machine vm-abc runs.

You want to receive a notification in vRealize Operations Manager each time the vm-abc virtual machine is powered off.

Here is how to configure vRealize Log Insight to send these notification events to vRealize Operations Manager.

1

In the search text box, type Power Off virtual machine.

2

Click Add a Filter, select vc_vm_name and type vm-abc.

3

Click Search.

If the vm-abc virtual machine has been powered off during the selected time range, the search returns all instances that occurred.

4

From the drop-down menu on the right of the Search button, select Add Alert.

5

In the Add Alert dialog box, type a name and description for the alert, unselect the Email checkbox, and select Send to vRealize Operations Manager.

6

Click Select, type vm-abc, and click Search to find the vm-abc resource in the list.

7

Click the vm-abc resource in the list to add it.

8

(Optional) Modify the criticality level that is displayed in the vRealize Operations Manager Custom user interface.

9

Choose an auto-cancel setting.

10

Under Raise an alert, select on any match.

11

Click Save.

vRealize Log Insight polls the vCenter Server system at five-minute intervals. If the query returns a new Power Off virtual machine task from VM vm-abc , vRealize Log Insight sends a notification event that is associated with the vm-abc resource in vRealize Operations Manager.

You can enable, disable, or delete your saved alerts.

Note

Alert queries are user specific. You can manage only your own alerts.