Creating event alerts

About this task

Event alerts are triggered off user-defined events that are created in the Discover Event Manager. For example, you can create an event that accumulates the number of Failed Logins per hour. In the alert definition, if the threshold exceeds 5, you can configure an email to be sent to the interested parties.

One event can be the trigger for multiple alerts. In the above example, you could create a higher-priority alert that is sent to the IT department if the threshold exceeds 20, which could indicate a problem with the web server.

  • Events that have the Display in Portal setting disabled are not available for generating alerts.
Note: When creating ratio alerts, timestamps for events are assigned in real time, while session-end events for alerts receive a timestamp when the session closes, which may be in a different alert time period window. Unexpected ratio counts may be generated if these two types of events are mixed in ratio alerts. Whenever possible, compare events with the same execution timeframe.

To create an event alert:

Procedure

  1. In the Portal, select Events > Manage Events.
  2. In the Discover Event Manager, click the Alerts tab.
  3. In the toolbar, click New Event Alert.
  4. The Event Alert Properties dialog is displayed:
  5. Enter a user-friendly name for the alert.
    • If no text is entered, a default description is created by appending the event description to the text "Alert On - ". Descriptions do not have to be unique.
  6. To assign the alert to an alert group, click Select.... A new group name can be entered for the alert, or you can select an existing group that is selected from the drop-down.
    • Groups aid in managing alert display and selection within Discover Event Manager.
    • Event groups and alert groups are separate and independent of one another.
    • See Creating or editing an alert group.
  7. To add an event group to your alert, click <Select Event>.
  8. Once you have selected your event you can choose a dimension group by clicking Dimension.
    • After choosing a dimension group and clicking OK you will be prompted to define the dimension and value. If you need to choose more than one dimension and value combination, click Add.
  9. To activate the alert, click the Active check box. When selected, alert is enabled and processed as configured by Discover.
  10. Configure the properties in each tab:
    1. Alert configuration properties
    2. Alert notification properties
    3. Alert blackout properties
  11. To save the alert, click Save Draft. The alert is saved to your local computer.
  12. To commit the alert to the server, click Save Changes.
  13. Alert definitions are saved separately from the event information. The Alert Service becomes aware of the new alert definition when the alert definitions are refreshed.
    1. Typically, this interval is 10 minutes.
    2. To force a refresh, you can restart the Alert Service. However, this method causes all accumulated event alert counts to be reset to zero.