With this update to Scheduled Search, you can now set threshold-based alerts on aggregation queries, extending our log alerting capabilities beyond simple "found/not found" queries. This leverages ongoing improvements to our logs-to-metrics pipeline to bring advanced alerting capabilities to teams that primarily rely on logs.

Benefits for logs-focused teams:

• Metrics-style alerting without a metrics pipeline: monitor critical thresholds directly from your logs
• Unlock hidden insights in your existing log data without changing your instrumentation
• Simplify your observability stack by eliminating the need for separate metrics collection for basic alerting
• Reduce MTTR by correlating numerical patterns with detailed log context in a single platform

Example use cases:

• Track when HTTP 5xx errors exceed 5% of total requests using only your web server logs
• Alert when application response times in logs show p95 latency crossing 200ms
• Detect authentication anomalies by counting failed login patterns across distributed services
• Monitor infrastructure health using log-based resource utilization indicators

We’ve got some more updates to our logs-to-metrics pipeline lined. Meanwhile, read the docs for full setup details and best practices.

Improvements

• API Catalog:
  • Selected tab in the details side panel is now persisted in the URL for easier sharing with teammates
  • Improved availability chart display when error rate data is missing but throughput data is present, and 0% availability now aligned to bottom of chart instead of center
• Usage: Selected date view and telemetry type selections are now preserved in the URL for easier sharing

Fixes

• Related Metrics in Logs Explorer would not display for users with single cluster configurations