Create actions for alerts and scheduled searches
Create actions in Logs to initiate when an alert or scheduled search triggers, such as notifying a PagerDuty group or sending a message to a Slack channel. See Actions (opens in a new tab) in the LogScale documentation for a list of the supported tools and incident management platforms you can create actions for.
Prerequisites
Some actions require additional configuration in a third-party app before creating an action in Logs, such as configuring a Slack app (opens in a new tab) or creating a PagerDuty service (opens in a new tab). Complete those steps before creating the associated action in Logs.
If you need to access external LogScale configuration tasks, such as creating an action template or installing a LogScale package, click Repository settings in Logs to display the full LogScale product.
Create an action
To create an action in Logs:
- In the navigation menu select Exploring > Logs Explorer.
- Click Logs Automation to display the Logs alerting capabilities.
- On the Logs Automation page, click Actions and then click New action.
- Enter a name for your action and select the action type. Select one of the
following options:
- Empty action: Start with a blank action, select the action type (such as email, Slack, or PagerDuty), and configure or set the action parameters.
- From template: Use an existing action template or upload a template that you previously exported. LogScale supports message templates for email, Slack, and webhook actions. See message template and variables (opens in a new tab) in the LogScale documentation for more information.
- From package: Use an existing action defined in an installed LogScale package. See views and packages for more information about creating packages.
- Follow the prompts for the action type you selected and complete all required fields.
- Click Create action to create the action.
After creating an action, you can create an alert or a scheduled search and assign the action.