Creating alerts through the UI

You can create alerts graphically through the UI.

As of 28 March 2024 the IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs, which replaces these two services, prior to 30 March 2025.

Complete the following steps to create an alert:

Prereqs

Users in your account must be granted permissions before they can launch the web UI and create alerts.

You must be an administrator of the IBM Cloud Activity Tracker service, an administrator of the IBM Cloud Activity Tracker instance, or have account IAM permissions to grant other users policies.

The following table lists the minimum policies that a user must have to be able to launch the IBM Cloud Activity Tracker Web UI, and view events:

Table 1. IAM policies

| Service | Role | Permission granted |
|---|---|---|
| IBM Cloud Activity Tracker | Platform role: Viewer | Allows the user to view the list of service instances in the Observability Logging dashboard. |
| IBM Cloud Activity Tracker | Service role: Manager or Standard-member | Allows the user to launch the Web UI and create alerts. |

For more information on how to configure these policies for a user, see Granting permissions to a user to view events.

Step 1. Define the rule

You must define the rule that specifies the scope of the data and save the rule as a view.

Complete the following steps to create a rule:

  1. Launch the IBM Cloud Activity Tracker UI.

  2. Filter event data by using pre-defined filters.

    You can filter events by event source and event level.

    Complete the following steps to filter events:

    1. Click the Views icon.

    2. Select Everything or a view.

    3. Expand Sources to see the list of event sources that are identified in the events. Then, choose the ones that you want.

    4. Expand Levels to see the list of event levels that are identified in the events. Then, choose the ones that you want. Example values are critical, warning, and normal.

  3. Filter event data by adding a search query.

    When you search event data, the search applies any event filters and time queries configured in that view.

    You can run simple searches (a single-term string search), compound searches (multiple search terms and operators), field searches if the event line can be parsed, and others. For more information, see Select the set of events to display through a view by applying a search query.

    AND and OR operators are case-sensitive and must be capitalized.

  4. Create a view.

    1. Click the Views icon.

    2. Select Everything or a view.

    3. Filter event data, then click Save as new view. The Create new view page opens.

    4. Enter a name for the view in the Name field.

    5. Optionally, add a category. Enter a name and then click Add this as new view category.

    6. Click Save View.

Step 2. Create the alert

Next, you must attach an alert to the view.

You can choose any of the following options:

  • Create a preset and attach the preset to the view
  • Create a specific alert on the view.

You can attach multiple notification channels to a view. You can define different triggering conditions for each notification channel.

Create an alert by using a preset

Complete the following steps to attach a preset to a view:

  1. Configure a preset (alert template).

  2. Click the Views icon. Select the view name. Then, select Attach an alert.

  3. In the section Choose preset, select a preset.

  4. Click Save alert.

Create an alert on a view

Complete the following steps to attach an alert to a view:

  1. In the web UI, click the Views icon.

  2. Click the view name. Then, select Attach an alert.

  3. Select View-specific alert.

  4. Select the type of alert (Slack, Email, Webhook, or PagerDuty). If you selected the wrong alert type and you want to change it, click Delete Alert Channel.

  5. Configure when you want the alert to be sent.

    Select if you want the alert to be sent when the condition exists (Presence) or does not exist (Absence).

    Indicate the criteria for sending an alert. For example, when 100 lines that match the view are logged in an hour. A graph will help you determine the number of event lines matching your specified criteria.

    Select if the alert should be sent at the end of the selected period or immediately when the number of lines is logged.

    Optionally you can specify a Custom schedule with alerting limited to a specified timezone, days of the week, or timeframe. To configure a Custom schedule:

    Select on for Custom schedule.
    
    Select the Timezone for the event entries.
    
    Select the days of the week when alerts should be generated.
    
    Optionally specify a time range for the selected days. A graph will help you determine the number of event entries for the timezone and time range.
    
  6. Depending on the type of alert, you will also need to configure additional settings:

    Slack: Specify your Webhook URL and the desired Message color.

    Email: Specify the Recipients of the email and a Timezone. The timezone defines the timestamp value of each event that is included in the email. To see UTC timestamps, you can select (GMT +00:00) UTC.

    PagerDuty: Specify the Service. If required, you will be prompted to connect to PagerDuty.

    Webhook: Specify the Method & URL, and the Headers and Body of the JSON used to interact with your webhook. You can use Validate JSON to make sure your JSON is correct before creating the alert.

  7. You can click Test to test that your alert configuration is correct.

  8. Click Save Alert.

  9. If you want to create an additional alert channel, click + and follow the prior steps to create additional channels. You can create different channel types, for example, an email and a Slack channel. Or, you can create multiple channels of the same type with different alert criteria.

Alerts will be generated based on your configuration.
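
For the Webhook channel in step 6, the endpoint that receives the alert should check the configured Method, Headers, and JSON Body before acting on a request. The following is an added example, not code from IBM or from this page. It assumes that the Headers field in the UI carries a shared secret in a hypothetical `X-Alert-Token` header and that the Body is a JSON object with the hypothetical keys `view` and `matches`.

```python
import hmac
import json

# Assumptions (not from the IBM docs): the alert's Headers field in the UI is
# set to {"X-Alert-Token": "<shared secret>"} and its Body is a JSON object
# with the hypothetical keys "view" and "matches".
EXPECTED_METHOD = "POST"
TOKEN_HEADER = "x-alert-token"
REQUIRED_FIELDS = {"view": str, "matches": int}
MAX_BODY_BYTES = 64 * 1024


class RejectedAlert(Exception):
    """Raised when an inbound request must not be treated as an alert."""


def verify_alert(method, headers, body, secret):
    """Return the parsed alert dict, or raise RejectedAlert."""
    if method.upper() != EXPECTED_METHOD:
        raise RejectedAlert("unexpected method")
    # Header names are case-insensitive on the wire; normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    token = normalised.get(TOKEN_HEADER, "")
    # Constant-time comparison avoids leaking the secret through timing.
    if not hmac.compare_digest(token.encode(), secret.encode()):
        raise RejectedAlert("bad or missing token")
    if len(body) > MAX_BODY_BYTES:
        raise RejectedAlert("body too large")
    try:
        alert = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        raise RejectedAlert("body is not valid JSON")
    if not isinstance(alert, dict):
        raise RejectedAlert("body is not a JSON object")
    for field, kind in REQUIRED_FIELDS.items():
        value = alert.get(field)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if not isinstance(value, kind) or isinstance(value, bool):
            raise RejectedAlert("missing or mistyped field: " + field)
    return alert


# Constructed sample request, shaped like the webhook configured in step 6.
SAMPLE_SECRET = "constructed-secret-for-example-only"
SAMPLE_HEADERS = {"Content-Type": "application/json", "X-Alert-Token": SAMPLE_SECRET}
SAMPLE_BODY = b'{"view": "iam-policy-changes", "matches": 100}'

if __name__ == "__main__":
    print(verify_alert("POST", SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_SECRET))
```

Call `verify_alert` from whatever HTTP framework hosts the endpoint, and return a 4xx response without further processing when it raises.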