Create Alerts for Detected Events

You can set up alarms for events detected at ingest time or by scheduled searches by specifying the threshold, the time range, and the notification. When the search criteria meet the threshold value over the specified time interval, an alert is generated and a notification is sent to the specified recipient.

To set up an alarm, you must first create a detection rule to detect an event. Events can be detected in the following ways:

  • At ingest time based on the predefined condition matching the log content
  • Through a scheduled search

The detected events can emit metrics to the Monitoring service. Managing alarms is part of the Monitoring service. Ensure that the required IAM policies are created when you create a detection rule, which will be sufficient to use the alarm feature in the Monitoring service.

  1. When the specified event is detected, a metric value is posted to the OCI Monitoring service.

  2. Create an alarm for the metrics posted in the OCI Monitoring service. See Oracle Cloud Infrastructure Documentation - Creating an Alarm.

    If you want to create the alarm before the metric is posted to the OCI Monitoring service, use the CLI, SDK, or console as described below to specify the metric name.

    • In the OCI Monitoring service console, click Switch to Advanced Mode on the Create Alarm page. In the section Metric description, dimensions, and trigger rule, specify the metric name in the Query code editor using a Monitoring Query Language (MQL) expression.
    • Use the create command in the CLI. Use the --query-text parameter to provide the Monitoring Query Language (MQL) expression that specifies the metric name. See CLI: create.
    • Use the create_alarm method in the SDK. Specify the name of the metric with the parameter query inside the document attached to the create_alarm_details parameter. See Software Development Kits and Command Line Interface.
    See Monitoring Query Language (MQL) Reference.
  3. View all the Logging Analytics alarms in the console.

    From Logging Analytics, click Administration. The Administration Overview page opens.

    Under Resources, click Alarms. The alarms listing page opens.

    To view the history of a specific alarm that is based on a Logging Analytics detection rule, click the Actions menu icon, and select View alarm history. In the View alarms history dialog box, all the firing alarms, the times at which they were triggered, and the alarm summaries are displayed. You can select any firing alarm and view it in the Log Explorer.

    To view a specific firing alarm in the Log Explorer, in the View alarms history dialog box, click the View in Log Explorer icon in the row corresponding to that firing alarm. The firing alarm is launched in the Log Explorer using the dimensions and the time range of the alarm that you specified. If the alarm is for a saved search query, then it also considers the saved search ID for launching in the Log Explorer. The alarm will not be added in the Log Explorer query if it does not have dimensions.

To customize the alarm body, see Customize the Alarm Body.
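
The SDK route in step 2, as an added example that is not part of the original documentation: it builds the MQL trigger rule (metric name, interval, threshold) for a detection-rule metric that has not been posted yet and passes it as `query` in the create_alarm_details document. The metric name, namespace, dimension, and OCIDs are constructed placeholders, and the name pattern is a conservative assumption rather than the service's exact rule.

```python
import re

_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")  # conservative name check (assumption)
_INTERVAL = re.compile(r"^[1-9]\d*[mhd]$")       # e.g. 1m, 5m, 1h
_STATS = {"sum", "count", "max", "min", "mean", "rate"}
_OPS = {">", ">=", "<", "<=", "==", "!="}

def build_mql(metric, interval, statistic, operator, threshold, dimensions=None):
    """Build 'metric[interval]{dims}.statistic() operator threshold'."""
    dimensions = dimensions or {}
    if not all(_NAME.match(n) for n in [metric, *dimensions]):
        raise ValueError("metric and dimension names must match " + _NAME.pattern)
    if not _INTERVAL.match(interval) or statistic not in _STATS or operator not in _OPS:
        raise ValueError("unsupported interval, statistic or operator")
    # Refuse values that would break out of the quoted dimension filter.
    if any('"' in str(v) or "\\" in str(v) for v in dimensions.values()):
        raise ValueError("dimension values must not contain quotes or backslashes")
    dims = ", ".join(f'{k} = "{v}"' for k, v in sorted(dimensions.items()))
    selector = "{" + dims + "}" if dims else ""
    return f"{metric}[{interval}]{selector}.{statistic}() {operator} {float(threshold):g}"

def alarm_details(name, compartment_id, namespace, query, topic_ids, severity="CRITICAL"):
    """Keyword arguments for oci.monitoring.models.CreateAlarmDetails."""
    if severity not in {"CRITICAL", "ERROR", "WARNING", "INFO"}:
        raise ValueError("unknown severity")
    if not topic_ids:
        raise ValueError("an alarm without a destination notifies nobody")
    return {"display_name": name, "compartment_id": compartment_id,
            "metric_compartment_id": compartment_id, "namespace": namespace,
            "query": query, "severity": severity,
            "destinations": list(topic_ids), "is_enabled": True}

def create_alarm(details, profile="DEFAULT"):
    """Submit the alarm; needs the oci package and a configured profile."""
    import oci  # imported lazily so the builders above work without the SDK
    client = oci.monitoring.MonitoringClient(oci.config.from_file(profile_name=profile))
    return client.create_alarm(oci.monitoring.models.CreateAlarmDetails(**details)).data

if __name__ == "__main__":
    # Constructed sample values; replace with your detection rule's metric details.
    query = build_mql("FailedLoginEvents", "5m", "sum", ">", 10, {"hostname": "web01"})
    details = alarm_details("failed-logins", "ocid1.compartment.oc1..EXAMPLE",
                            "custom_detections", query, ["ocid1.onstopic.oc1..EXAMPLE"])
    print(details["query"])  # call create_alarm(details) to submit it
```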