Alerting

Central Logging can monitor your logs and send alerts when specific conditions are met. You define alert rules using SQL or full-text search (FTS) queries, and notifications are delivered through configured notification channels.

Alert Rules

An alert rule defines what to look for and when to fire. You can create alert rules from the Alerts page or directly from the search page (the query and source are pre-filled).

Each alert rule has:

  • Name — A descriptive name for the rule
  • Title — The subject line used in notifications
  • Query — A SQL query or FTS query to evaluate
  • Description — Additional context sent with the alert notification
  • Log Source — The log source(s) to monitor. A single rule can monitor multiple log sources.
  • Alert Condition — Choose to alert when the query returns results, or when the query returns no results (useful for detecting missing expected events)
  • Active/Inactive — Toggle rules on and off without deleting them

SQL Alert Rules

SQL alert rules run a SQL query against your log source. If the query returns results (or no results, depending on your condition), an alert is created.

FTS Alert Rules

FTS alert rules use the same full-text search syntax as the search page. This is useful for simpler keyword-based alerts.

Alert Throttling

To prevent alert fatigue, you can set a Max Frequency on each alert rule. This controls the minimum time between alerts for the same rule. For example, setting max frequency to 24 hours means you will receive at most one alert per day for that rule, even if the condition is met every time it is checked.

Alert rules are evaluated every 5 minutes. Alerts that have been resolved (the condition is no longer met) are automatically cleared.
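
The interaction between the 5-minute evaluation cycle, the alert condition and Max Frequency can be replayed offline. The following Python simulation is an added example, not Central Logging's code: the function names, the `results`/`no_results` labels and the sample row counts are constructed, and it assumes the Max Frequency window runs from the last notification and is not reset when an alert clears.

```python
from datetime import datetime, timedelta

CHECK_INTERVAL = timedelta(minutes=5)  # evaluation cadence stated above


def condition_met(row_count, alert_on):
    # alert_on: "results" or "no_results" (hypothetical labels for the two Alert Conditions)
    return row_count > 0 if alert_on == "results" else row_count == 0


def simulate(row_counts, alert_on, max_frequency, start):
    """Replay one rule over successive checks.

    row_counts: rows the rule's query returned at each check (constructed input).
    Returns (notification times, True if an alert is still open after the last check).
    """
    sent, last_sent, open_alert = [], None, False
    for i, rows in enumerate(row_counts):
        now = start + i * CHECK_INTERVAL
        if not condition_met(rows, alert_on):
            open_alert = False  # condition no longer met: alert is cleared
            continue
        open_alert = True
        # Assumption: the Max Frequency window runs from the last notification
        # and is not reset when an alert clears.
        if last_sent is None or now - last_sent >= max_frequency:
            sent.append(now)
            last_sent = now
    return sent, open_alert


T0 = datetime(2024, 1, 1)  # constructed start time

# Constructed case 1: an error query matches at every check for 48 hours.
noisy = [7] * (48 * 12)
# Constructed case 2: a heartbeat query ("no results" condition) returns rows
# for an hour, returns nothing for two checks, then recovers.
heartbeat = [3] * 12 + [0, 0] + [3] * 4
# Constructed case 3: matches, clears, then matches again ten minutes later.
flapping = [1, 0, 1]

if __name__ == "__main__":
    print(len(simulate(noisy, "results", timedelta(hours=24), T0)[0]))      # 2
    print(simulate(heartbeat, "no_results", timedelta(hours=1), T0))
    print(len(simulate(flapping, "results", timedelta(hours=24), T0)[0]))   # 1
```

Under the stated assumption, the third case sends a single notification: a recurrence inside the Max Frequency window is silent, which is worth weighing when choosing the window for high-severity rules.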

Notification Channels

Notification channels define where alert messages are sent. Central Logging supports:

Slack

Send alerts to a Slack channel using an Incoming Webhook. To set up:

  1. Create an Incoming Webhook in your Slack workspace
  2. In Central Logging, go to Alerts and create a new Notification Channel
  3. Select Slack Webhook and paste the webhook URL

Telegram

Send alerts to a Telegram chat using a bot. To set up:

  1. Create a Telegram bot via @BotFather and get the bot token
  2. Get the chat ID for the target chat or group
  3. In Central Logging, create a new Notification Channel
  4. Select Telegram and enter the bot token and chat ID

Testing

Each notification channel has a Test button so you can verify the integration is working before relying on it for alerts.

Notification channels can be toggled active or inactive independently of alert rules.
