SolarWinds.com Blog Contact Us
LOG MANAGEMENT AND ANALYTICS
INFRASTRUCTURE MONITORING
APPLICATION MONITORING
DIGITAL EXPERIENCE

Get unified visibility and intelligent insights with SolarWinds Observability

LEARN MORE

Log Management and Analytics

Explore the full capabilities of Log Management and Analytics powered by SolarWinds Loggly

View Product Info

FEATURES

Proactive Log MonitoringTroubleshooting and Diagnostics with LogsSecurity and ComplianceLog Analysis and ReportingDevOps IntegrationsLoggly for Enterprise ScaleDevOps Products

Infrastructure Monitoring Powered by SolarWinds AppOptics

Instant visibility into servers, virtual hosts, and containerized environments

View Infrastructure Monitoring Info

Application Performance Monitoring Powered by SolarWinds AppOptics

Comprehensive, full-stack visibility, and troubleshooting

View Application Performance Monitoring Info

Digital Experience Monitoring Powered by SolarWinds Pingdom

Make your websites faster and more reliable with easy-to-use web performance and digital experience monitoring

View Digital Experience Monitoring Info

SUPPORTED LOG SOURCES

Android Docker Nginx Linux Apache .NET Python PHP Syslog AWS CloudTrail Heroku Tomcat Syslog endpoint DigitalOcean IIS Kubernetes MySQL Docker Network devices and routers Windows system logs Java Node.js Javascript
View All Supported Log Sources

Technical Resources

Using Loggly Product Documentation API Loggly Library Catalog Sending Logs to Loggly Ultimate Guide to Logging Troubleshooting

Educational Resources

Videos & Webinars Infographics Whitepapers Case Studies Use Cases

APM Integrated Experience

Datasheet Infographic Video: Failed Transaction Check SolarWinds vs Dynatrace SolarWinds vs Datadog SolarWinds vs AppDynamics SolarWinds vs New Relic

Connect with Us

System Status Support Request Blog COVID-19 Resource Center

Blog DevOps

Taming the wolves behind monitoring alerts

By Pranay Kamat 08 Feb 2017

Almost 2,500 years ago, an old man named Aesop travelled across villages near the picturesque hills of Greece. Along the way, he shared short stories he had learned from other lands. One such story was that of the shepherd boy who watched a flock of sheep near a village. That boy used to lure innocent villagers many times by crying out, “Wolf! Wolf!” When the villagers would come to help him, he would laugh at their folly. However, one day the wolf did come and when the boy called for help, no one paid any heed to his cries. The wolf destroyed the boy’s flock of sheep.

You may wonder what this story has to do with logging. Well, logs are a huge cauldron of noise, and alerting is a way for us to filter out the noise and reveal what really matters. Creating and managing alerts, however, is not easy. You can’t be sure that the alerts will never miss anything or repeatedly “cry wolf.” In the 2016-17 VictorOps State of On-Call survey of 800 on-call professionals, while 53% reported alert noise as a problem, 61% stated that alert fatigue is also an issue. So how do you find the right balance?

Be Agile, Be Bold

As a product manager, I have set up alerts to inform me when some old or new feature stops working. On several occasions, I have accidentally flooded my inbox with alert notifications while creating and fine-tuning my alert rules. If that happens to you too, just turn off the alert, clear all notifications, and turn the alert back on after updating its conditions. Loggly makes it easy for you to suppress (think: snooze) or disable the alert in a few clicks from the UI itself.

Loggly alert suppression screenshot

Don’t be afraid to experiment and refine your alerts based on what you learn from the data! You might not be able to know every meaningful alert pattern in advance, so identifying the right events and finding the right threshold is not always an easy task. But if you don’t analyze your logs and look for what’s going on, you’ll never be able to detect that meaningful activity and set helpful alerts.

Be Comprehensive, Be Creative

As a business, you want to be prepared for any scenario. You would rather be woken up by a false positive alert in the middle of the night instead of being at the receiving end of furious emails and tweets from your high-value customers early morning. If you are not getting enough alerts, then you have not covered enough cases. If you are receiving too many alerts, then you need to prioritize and assign appropriate notification channels. One way to do this is to ask questions like, “Does this need an alert or can I have this on a dashboard?” While each team must ultimately choose which items and thresholds receive alerts, we recommend setting up alerts for business-critical items and monitoring the remaining non-critical items through dashboards.

Loggly alert setup screenshot

In the VictorOps survey, while 89% reported using a group chat tool, 80% said they are doing some form of ChatOps (a conversation-driven development). Loggly makes it easy for you to set up and send notifications to different endpoints such as Slack, HipChat, PagerDuty, and VictorOps. You also have the option to send notifications to a generic HTTP endpoint. For each alert you set up, you may also want to ask yourself, “Does this really need an email or PagerDuty notification to my team members, or can I direct this to a less invasive Slack/HipChat channel?” If you choose any endpoint such as Slack and HipChat, we recommend that you manage the room notification settings inside Slack and HipChat so that users don’t miss out on important alerts.

Loggly monitoring via Slack, HipChat, PagerDuty, other endpoints

Be Earnest, Be Open

Based on our own experience internally, we can easily say the most valuable alerts are actionable and include as much context as possible. A quick and simple best practice here is to give meaningful names and descriptions to your alerts in Loggly. You would be doing yourself a disservice by creating alerts that do not include as much detail as needed to resolve the issue.  In the same VictorOps survey, while 39% said that lack of remediation information is a problem, 32% highlighted inefficient communication as another core problem.

So one of the things you must do, if you haven’t already, is discuss and review all your alerts as a team, so that everyone knows how different types of alerts must be prioritized — or, to come back to Aesop’s story of the shepherd and the wolf, when they need to take immediate action to prevent damage. Prepare a collaboration document  and clearly capture information that identifies:

  • The alert conditions,
  • Who created the alert,
  • The business and operational impact of the alert, and most importantly,
  • What must be done to resolve the alert condition.

If you look at alerts as a collaborative process, you will make it easy to reduce the number of noisy alerts and troubleshoot quickly.

Be Proactive

Logs are the most valuable tool during a firefight and Loggly alerts are a great way to stay on top of critical issues. Create Loggly alerts for effective web server, application, mobile app, database, and network monitoring that proactively surfaces the wolves lurking around your software. Alerts are available to our customers in all paid tiers. If you haven’t tried Loggly yet, you have one more reason to get started now!

The Loggly and SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.
Pranay Kamat

Pranay Kamat Pranay Kamat is Senior Product Manager at Loggly. His previous experiences include designing user interfaces, APIs, and data migration tools for Oracle and Accela. He has an MBA from The University of Texas at Austin and Master's degree in Computer Science from Cornell University.

Latest Posts

Categories

Related blog posts