Set up an inactivity alert
An inactivity alert informs you of the absence of expected activity.
Preparing the query
An inactivity alert is defined to trigger when no events matching the query conditions are registered over a given time period. As this kind of alert is based on the absence of individual events, it can't be created for queries that group the events.
To prepare the query, you may create columns with new values, and apply filters. When the query only displays the events that meet the conditions you need to monitor, you can create the alert.
Creating the inactivity alert
- In the query window and with the query as you need it, select New Alert Definition from the toolbar. The New Alert Definition window appears.
- Enter the Message, Description, Subcategory, Alert Name and Priority as you would when creating any alert.
To make this an inactivity alert, select Low as the alert type, then specify the time period and set the Threshold to 0. In our example, we chose 1 hour as the time period. This means that if 0 events (meeting the query conditions) occur in the space of 1 hour, the alert will trigger.
If this window contains the Gradient trigger method instead of Low, this is because your query groups events. Inactivity alerts cannot be set up based on queries with grouped events.
- Click Create to save the alert.
With the alert created, you can: