Alerts – How To, Configuring, and Suppressing


The last thing that anyone wants is to find out about a critical operational issue on Twitter or from an angry email from the boss. That’s why alerts are an important part of Loggly.

With Loggly, you can specify the exact conditions when you want the alert to fire, with all of the capabilities of our search function at your disposal. For example, you might want to be alerted if a specific error occurs. Or, you might want to be alerted if a variable exceeds some threshold. For example, database response times that exceed 100 ms may indicate trouble. We’ll let you know right away, via email or through another alerting endpoint like PagerDuty.

How To Video

Loggly: How to Alerts

Configuring Alerts

There are three ways to set up alerts in Loggly:

1. By clicking on the bell icon at the right-hand side of the search interface.
2. From the Saved Search creation dialog box.
3. By selecting Add New on the Alerts page.

Regardless of how you start setting up your alert, you’ll be prompted to fill in the following information:

Choose a name for your alert. The name will be returned with any alert that’s triggered.
Add a short description so that you remember why you wanted it set up.
You can choose a Saved Search to use. If you initiated your alert setup from the Saved Search creation dialog, that Saved Search will be displayed. If you initiated your alert setup using the bell icon, you’ll see “custom search context” and the details of the search you were performing. Any time range that was part of your saved search is ignored; only the search terms of the saved search are used for alerting.
Alert if
Here is where you create the criteria that trigger an alert. Set the threshold number of search results that trigger an alert within a given timeframe. For example, you can set an alert to trigger when the search returns more than 10 results over any 5-minute span (based on event timestamp).
In this section you establish how you’d like to receive the notification. Choose to send an email or hit a third-party endpoint. Please see Alert Endpoints for a discussion on setting up your own endpoints. Only registered users can receive email notifications.
Check for this condition every
Set how often we run your saved search and count the results that match your alert criteria. Note that every check that finds the condition sends a notification: if you check for the condition every minute and the condition persists for 30 minutes, 30 notifications will be sent.

Alert Suppression

You may want to suppress alerts when there is a planned outage such as a maintenance window or system upgrade. This prevents alerts from being sent and disrupting your support team. Additionally, you may want to suppress alerts after you have acknowledged a problem in order to avoid duplicate alerts. Alert suppression in these cases helps you avoid being inundated with information you are already aware of and lets you focus on information that will help resolve the issue at hand.

Once alerts are configured and you are receiving them, you can start to set alert suppression parameters.

1. On the Alerts page, identify the alert you want to suppress. If this alert is not currently suppressed, the value ‘None’ is displayed. To set suppression parameters, select the ‘None’ link. If an alert is not active, it shows N/A to indicate that you cannot suppress it.


2. A window will pop up with the Alert name (Syslog). In the ‘Suppress Alert for’ field, specify a number of minutes or hours to suppress this alert for. If you change the suppression time for an alert that is already suppressed, the new value replaces the previous one.

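The interaction between the threshold window, the check interval and suppression is easiest to see by simulating it. The following Python is an added illustration written for this page, not Loggly’s own implementation: it evaluates a "more than 10 results in any 5-minute span" rule once per minute over a constructed burst of matching events, and shows how a suppression window set part-way through cuts the repeated notifications described in the “Check for this condition every” section. The class and function names, the strict "more than threshold" comparison and the half-open counting window are assumptions made for the example.

```python
"""Simulate count-threshold alerting with a check interval and suppression.

Added example for illustration; not Loggly code. Names, the strict
"count > threshold" rule and the (start, end] window are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class AlertRule:
    name: str
    threshold: int            # fire when count > threshold ("more than 10 results")
    window: timedelta         # span the results are counted over ("any 5 minute span")
    check_every: timedelta    # "Check for this condition every"
    suppressed_until: Optional[datetime] = None


def suppress(rule: AlertRule, now: datetime, minutes: int) -> None:
    """Suppress the alert for N minutes from now; a new value replaces any earlier one."""
    rule.suppressed_until = now + timedelta(minutes=minutes)


def count_in_window(timestamps: List[datetime], window_end: datetime, window: timedelta) -> int:
    """Number of matching events with timestamp in (window_end - window, window_end]."""
    window_start = window_end - window
    return sum(1 for t in timestamps if window_start < t <= window_end)


def run_checks(rule: AlertRule, timestamps: List[datetime],
               start: datetime, end: datetime) -> List[datetime]:
    """Evaluate the rule at every check tick in [start, end].

    Returns the tick times at which a notification would be sent. Each tick
    is independent, which is why a persisting condition notifies repeatedly.
    """
    sent: List[datetime] = []
    tick = start
    while tick <= end:
        count = count_in_window(timestamps, tick, rule.window)
        condition_met = count > rule.threshold
        suppressed = rule.suppressed_until is not None and tick < rule.suppressed_until
        if condition_met and not suppressed:
            sent.append(tick)
        tick += rule.check_every
    return sent


def demo(suppress_minutes: Optional[int] = None) -> List[datetime]:
    """Run the doc's example rule over a constructed event burst.

    Constructed sample: 12 matching events all logged at 12:00:30. The rule
    is checked every minute from 12:00 to 12:10. Optionally, suppression is
    applied at 12:01 for the given number of minutes.
    """
    base = datetime(2024, 1, 1, 12, 0, 0)
    events = [base + timedelta(seconds=30)] * 12
    rule = AlertRule("db slow responses", threshold=10,
                     window=timedelta(minutes=5), check_every=timedelta(minutes=1))
    if suppress_minutes is not None:
        suppress(rule, base + timedelta(minutes=1), suppress_minutes)
    return run_checks(rule, events, base, base + timedelta(minutes=10))


if __name__ == "__main__":
    # The burst stays inside the 5-minute window for the 12:01..12:05 checks,
    # so one burst produces five notifications, one per check.
    print("unsuppressed:", [t.strftime("%H:%M") for t in demo()])
    # Suppressing for 3 minutes at 12:01 drops the 12:01..12:03 notifications.
    print("3 min suppression:", [t.strftime("%H:%M") for t in demo(3)])
```

The simulation makes the doc’s warning concrete: a single burst of 12 events notifies on every check while it remains inside the 5-minute window, and a longer-lived condition notifies on every check for as long as it lasts. Suppression does not change whether the condition is met; it only silences notifications until the suppression time expires, after which the next check that still sees the condition fires again.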

