vRealize Log Insight sends two types of email notifications, system notifications and user defined notifications.

Administrators can configure vRealize Log Insight to send email notifications when certain events occur in the system. The from address of system notification emails is configured by the administrator user on the SMTP configuration page of the Administration UI, in the Sender text box. See Configure the SMTP Server for vRealize Log Insight.

Administrator users can also configure Log Insight to send notification emails when the storage capacity drops below a defined threshold.

Every vRealize Log Insight user can create alert queries to receive email notifications from vRealize Log Insight when certain criteria are met.

Administrator users can disable all user defined notifications.

Type

Alert Name

Description

System

Oldest Data Will Be Unsearchable Soon

This alert notifies you when vRealize Log Insight is expected to start decommissioning old data from the virtual appliance storage and what is the expected size of searchable data at the current ingest rate. Data that has been rotated out will be archived if you have configured archiving, or deleted if you have not.

The alert is sent after each restart of the vRealize Log Insight service.

System

Repository Retention Time

This alert notifies you about the amount of searchable data that vRealize Log Insight can store at the current ingest rates and in the storage space that is available on the virtual appliance. Admin users can define the storage notification threshold. See Configure vRealize Log Insight System Alerts.

System

Dropped Events

This alert notifies you that vRealize Log Insight failed to ingest all incoming log messages.

In case of any TCP Message drops, as tracked by vRealize Log Insight server, a system alert is sent in both cases as follows:

Once a day

Each time the vRealize Log Insight service is restarted, manually or automatically.

The email contains the number of messages dropped since last alert email was sent and total message drops since the last restart of vRealize Log Insight.

Note

The time in the sent line is controlled by the email client, and is in the local time zone, while the email body displays UTC time.

System

Corrupt Index Buckets

This alert notifies you that part of the on-disk index is corrupt. A corrupt index usually indicates serious issues of the underlying storage system. The corrupt part of the index will be excluded from serving queries. A corrupt index affects the ingestion of new data. vRealize Log Insight checks the integrity of the index upon service start-up. In case of detected corruption vRealize Log Insight sends a system alert as follows:

Once a day

Each time the vRealize Log Insight service is restarted, manually or automatically.

System

Out Of Disk

This alert notifies you that vRealize Log Insight is running out of allocated disk space. This alert signals that vRealize Log Insight has most probably run into a storage related issue.

System

Archive Space Will Be Full

This alert notifies you that the disk space on the NFS server used for archiving vRealize Log Insight data will be used up soon.

System

Archive Failure

This alert notifies you that an operation of archiving vRealize Log Insight data to the NFS server has failed. This usually means that vRealize Log Insight is having trouble connecting to or writing to the NFS server.

System

Total Disk Space Change

This alert notifies you that the total size of the partition for vRealize Log Insight data storage has decreased. This usually signals a serious issue in the underlying storage system. When vRealize Log Insight detects the condition it sends this alert as follows:

Immeadiately

Once a day

System

Pending Archivings

This alert notifies you that vRealize Log Insight cannot archive data as expected. The alert usually indicates problems with the NFS storage that you configured for data archiving.

System

License is about to be expired

This alert notifies you that the vRealize Log Insight is about to expire.

System

License is expired

This alert notifies you that the vRealize Log Insight is to expired.

System

Unable to connect to AD server

This alert notifies you that vRealize Log Insight is unable to connect to the configured Active Directory server.

     

User Defined

Alert Queries

This alert notifies you that a query returned results that match the criteria that you have set for the alert. Every user can define alert queries that send email notifications when certain criteria are met.

See Add an Alert Query in Log Insight to Send Email Notifications.