Alert Email doesn't collect the log information

Team,

I have a query: I am not able to get the alert notification over email when I have created an alarm in the Alert policy. The following is the query I’m using.

SELECT count(*) FROM Log WHERE labels.app = 'data' AND message LIKE '%INFO%'

Also, for reference, I attached an email PDF file.

Kindly provide us the updated query or condition by which the message can be printed in the email.

Thanks

Hi @RyanVeitch,

Can you please suggest to me where I made a mistake in making the query?

Thanks

Hi @subscriptions15

You said,

I have a query: I am not able to get the alert notification over email when I have created an alarm in the Alert policy.

By this, I think you mean you’re not able to get the log message in your notification? If you’re not able to get an email notification at all, that would be a different problem. I’m going to assume the former. If that’s not what you mean, will you please go into more detail about your issue?

In order to properly help with this, I’d need to see the alert condition directly – could you post a link to that?

I can tell you that the log message will not come through if all you’re doing is querying a count of log messages, since the content of that query is the count, not the log message itself. This is why I’d need to see the alert condition to know what to suggest (if anything).

That said, if your threshold is just watching for the count to jump over 0, you could potentially FACET by message and then use the Description field to add that message to the notifications by adding {{tag.message}} to your Description. This will not work well if you’re using any threshold other than above 0, though, since every unique message will be considered a separate facet and not added to the other messages coming through.

I hope this helps, but I’m afraid I’d need to see the alert condition before I can really provide meaningful help.


Hi @Fidelicatessen,

Thanks for your reply!!

As you mentioned, I’m going to show you the alert condition.

Kindly help with this issue.

Thanks

Hi @subscriptions15

In order to get the log message to come through in the description for this, you would need the query in your NRQL alert condition to be faceted by message (which will change the behavior of your alert condition, so you probably won’t want to do this lightly), and then add {{tag.message}} to your description field. How to use attributes in Description fields is covered in the documentation for Alerts Descriptions, which you can find at this link.

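An added illustration, not part of the thread and not New Relic code: a simplified Python model of the point made in both replies above, that faceting by message lets {{tag.message}} be filled in but changes how the threshold is evaluated. The log records are constructed, and the function names and the templating stand-in are assumptions.

```python
from collections import Counter

# Constructed sample log records for one evaluation window (not from the thread).
LOGS = [
    {"labels.app": "data", "message": "INFO job 17 started"},
    {"labels.app": "data", "message": "INFO job 17 finished"},
    {"labels.app": "data", "message": "INFO cache refreshed"},
    {"labels.app": "data", "message": "INFO job 18 started"},
    {"labels.app": "web", "message": "INFO request served"},
    {"labels.app": "data", "message": "DEBUG heartbeat"},
]

DESCRIPTION = "Matching log line: {{tag.message}}"


def matching(logs):
    """Rows selected by: WHERE labels.app = 'data' AND message LIKE '%INFO%'."""
    return [r for r in logs
            if r["labels.app"] == "data" and "INFO" in r["message"]]


def render(template, tags):
    """Hypothetical stand-in for description templating: fill {{tag.<name>}}.
    What the product shows for a tag that is absent is not modelled here."""
    for name, value in tags.items():
        template = template.replace("{{tag.%s}}" % name, value)
    return template


def evaluate_unfaceted(logs, threshold):
    """count(*) only: one signal, the total. No message tag exists to fill in."""
    count = len(matching(logs))
    return [render(DESCRIPTION, {})] if count > threshold else []


def evaluate_faceted(logs, threshold):
    """count(*) ... FACET message: one signal per distinct message,
    each compared against the threshold on its own."""
    per_message = Counter(r["message"] for r in matching(logs))
    return [render(DESCRIPTION, {"message": msg})
            for msg, n in sorted(per_message.items()) if n > threshold]
```

With a threshold of above 3, the unfaceted condition is violated by the four matching lines together, while the faceted one stays silent because each distinct message is counted alone.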