Health Log Analytics generates several types of alerts.
In a list of alerts, all alerts that are generated by Health Log Analytics have the value Log Analytics in the Source column. The value in the Group column identifies the kind of alert, as follows:
Figure 1. Health Log Analytics alert types in the All Alerts list
Component-based alert (Alert0010108 in the example)
Component-based alerts involve more than one configuration item (CI). A component is a logical component of a service instance that caused the alert. A component can be multiple CIs that perform the same function, such as multiple redundant hosts.
Important: Each Component-based alert is the parent of a number of read-only alerts. You do not work directly on read-only alerts. You work only on the parent Component-based alert.
In this example service instance, the identical Java apps X, Y, and Z make up a single component: Component B. Tomcat servers Q, R, and S and their hosts make up a different single component: Component C.
Figure 2. Example service instance
Log Analytics alert (Alert0010373 in the example)
A Log Analytics alert identifies an anomaly that involves a single CI. A Log Analytics alert has the value None in the Group column. The anomaly that leads to the alert can be an unexpected number of log entries or an unexpected value of a metric.
Log Analytics group (Alert0010157 in the example)
When the system identifies multiple Log Analytics alerts that are related in important ways, it groups them into a Log Analytics group. A Log Analytics group can group up to four alerts. The system generates a Log Analytics group when the Log Analytics alerts share one or more of the following relationships:
Time: The events all occurred within a configured time interval.
Metadata: The alerts have matching values in log-line metadata. For example, all alerts involve the same host.
Message text: The message text in the log data is similar or identical between alerts.
Trend: The alerts show a similar tendency in values or rates. For example, a particular metric value is increasing in all alerts.
Note: You can mark an alert as significant. A significant alert is more likely to be included in a Log Analytics group when the associated metric behaves anomalously. For more information, see Mark an alert as significant.