Skip to content
Last9 Last9
Book a Demo

Scheduled Search

Create periodic searches on telemetry data and set alerts when patterns are found or missing.

Specify queries to watch for, if you should be alerted when the query is found or not found, number of occurences for the trigger, and the evaluation frequency. This can be value for scenarios like:

  • Detecing error rates exceeding normal thresholds
  • Identifying unusual patterns in user behavior
  • Monitoring for missing scheduled jobs or backups
  • Watching for repeated failed login attempts that could indicate brute force attacks

Via Control Plane

Control Plane — Scheduled Search

  1. Go to Scheduled Search in the Control Plane
  2. Click on “New Search”
  3. Define Search Query
    1. Select the telemetry type — Logs, or Traces (coming soon)
    2. Enter the query to search for — currently, only supports LogQL
    3. To verify the query before saving the rule, you can click on “View Logs/Traces”
  4. Define Alert Configuration
    1. Select “Results Found” or “No Results” as alert condition
    2. In case of “Results Found”, select the minimum threshold for number of occurences
    3. Select the evaluation frequency
    4. Select the alert destination, in case you no preconfigured channel exists, you can click on “Notification Channels” to create one (How to setup a Notification Channel?)
  5. Give the rule configuration a unique name

Via Logs Explorer

  1. Run a query in Logs Explorer, either in Builder or Editor mode
  2. Click on > “Save Query” in the top right
  3. Select “Enable alerting via Scheduled Search”
  4. Follow step #4 onwards as in Via Control Plane

Troubleshooting

Please get in touch with us on Discord or Email if you have any questions.