Any query result may be turned into an alarm. Alarms are defined from the alarms tab in the project settings view. The name, identifies the alarm. The query, defines the events of interest for the alarm. The condition for alarm, defines when it will be triggered. Timeframe defines the period of time for the the condition to be matched. If an alarm condition occures then the user may be notified by email.

Alarm Definition

The above example shows an alarm triggered by the count of logs that match a query. The query searches for log events from the host fethiye that are generated by fail2ban application and include Ban keyword. The alarm is triggered if the count of such logs is bigger or equal to 10 in a 30min window. The alarm is checked every 10mins.