Monitoring and Alerting Launch

Monitor and alert on incoming logs

Feb 15, 2021 by Casey Haakenson

Storing your logs as long as you need them and searching them quickly is great. But you'll also want to know if something happens while you aren't watching. Introducing Wrble Monitoring and Alerting. We spent a great deal of time to make sure that you could monitor what you need to without complicating the normal cases. Here we introduce the monitoring functionality and all that you can do with it.

Monitoring Basics

Monitors are built around searching and you can use the full Wrble search syntax.

Each monitor is broken into three parts: the search, a trigger, and notifications. Let's run through each.

Search

The search string is used to create a count of all matches for a given time period. You can choose how often to run this search and what time period it should query.

You can choose to run the query between every minute and once a day. Each time it executes the query can fetch from the prior minute to the prior day's worth of data to search.

Match Trigger

This is a pretty basic trigger that just counts the matches each time and triggers if it's over or under a certain value. Makes some pretty powerful things possible though, here are some common use cases.

Inactivity Alerts

If you want to make sure that logging is working at all or that your servers still have a pulse you can create a match alert where count is equal to zero.

Error Alerts

Searching for errors or exceptions that should be 0 and matching when the count is greater than zero will let you know when problems are happening.

Comparison Triggers

Let's move onto a more complex trigger type where we can compare to a previous time period. These can be really useful if you have a base load of some condition but want to know if it increases substantially.

There are two types of comparison triggers, one that compares on just the count and the other that uses a percent change to adjust to your traffic as it ebbs and flows. Something we're really proud of is the combined percent and match count trigger, this will allow you to match based on percent but protect yourself from low-volume moves (such as overnight) that aren't emergencies worth being notified about.

Notifications

We can notify you if any monitor triggers via Email, Webhook, PagerDuty, and/or Slack. Each monitor can do one or more of these.

Launched!

Monitoring and Alerting is available today, login and check it out and let us know what you think.