
Using the Paglo Alert application

Paglo alerts are email or Twitter notifications that let you know when relevant events occur. Set Paglo alerts to notify you of potential problems such as when disk space falls below 5% or when memory usage changes.

Paglo alerts are based on the results of saved searches that you identify as relevant. You can set Paglo to watch a specific value, such as the number of users on your network with administrative privileges. You can also set Paglo to notify you when the results of a specific search change in any way. For example, you could set up a search for the installed software as a baseline, and create an alert that lets you know if someone adds software that causes the baseline to change.


Installing the Alert Application

Install the Alert Application from the Applications page:

To install an Alert Application on your Paglo system:

  1. On the left-hand navigation box, click Applications.
  2. Under Applications Available, in the Alerts pane, click Install.

Opening an Alert Application

To open an installed Alert Application on your Paglo system:

  1. Choose one of the following options:
    • Click Alert.
    • Click the Application right arrow in the left-hand navigation bar.
  2. In the Alert Application, create alerts from the Search menu to watch a set of search results, or from the leaf node menu to watch a specific value, and then set alert conditions.


Setting alert conditions

Tell Paglo what conditions to look for by providing a search or a PQL query. Indicate when you want to be notified, such as when a certain threshold is breached, or when a certain value changes. Also indicate how you want to be notified: by email or by Twitter (which includes instant messaging and telephone).

To create an alert, you need to name it and enter a search parameter and a notification address. If you create an alert from a search, some conditions appear by default. You can accept those defaults or provide your own alert conditions. After you have created the alert, you can add more destinations for alert notifications by editing the alert on the All Alerts page.

Setting alert conditions takes 4 basic steps:


Creating an alert

To create alerts from the leaf node menu, run a search that produces what you want to monitor. Depending on whether you want to watch a set of search results, or a specific value, choose one of the following options:

  • To watch a set of search results: Use the Search menu button if you want to be notified if anything changes anywhere in a set of search results:

    Click the Search menu icon to display the options, and then click Create an Alert to create alerts from the Search menu.

  • To watch a specific value: Use the leaf node menu if you want to be notified if a specific value changes:

    Click the leaf node to display the options, and then click Add Alert to create alerts from the leaf node menu. In this screenshot, name is the specific leaf node whose value will be watched.

    Note: If you use a PQL search query that includes a value comparison, such as disk space that is less than 5%, you can select greater-than and less-than symbols from a pulldown list, and enter a value in a text box. If you do not use these, the alert defaults to the comparison symbols and value of the original search query.

  • Any alert: You can also create any kind of alert from scratch, simply by opening the Alert page, clicking Create an alert, and then indicating what to watch.

Indicating what to watch

In the Alert Overview section, indicate what conditions to notify you about. If you create an alert from a search, some of the fields may appear filled in by default. You can accept these defaults, modify them, or overwrite them with your own:

  • Name — Provide a unique name to identify this alert.
  • Description — Provide an optional description that is visible from your main Alerts page.
  • Alert on — Check the checkbox to enable this alert. If you do not enable the alert, Paglo will not check to see if the condition is met. You can see a history of the checks, after the alert is in action.

Indicating when to generate

In the Generate alert when section, indicate when you want to be notified by choosing the conditions that matter to you. The available conditions depend on the kind of search underlying the alert, so not every condition appears for every alert. For example, if you create an alert from the Search menu button, you will see a different set of conditions than if you create the alert from the leaf node menu:

  • The search is run — If you create an alert from a search, the search appears in this field. You can use it as is, modify it, or enter a new search altogether.
  • The search results have changed — Check this condition if you want to be notified when the search returns results that are different from before in any way.
  • The search returns any results — Check this condition if you want to be notified when the search returns any results.
  • The search returns no results — Check this condition if you want to be notified when the search returns no results.
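The three conditions above, modelled in Python as an added example (this is not Paglo's code, and Paglo's actual evaluation may differ). `AlertModel`, `canonical`, the `software` column and the sample rows are hypothetical and constructed for illustration; the model assumes the baseline is held until it is explicitly updated.

```python
# Added illustration: a model of the three conditions, not Paglo's implementation.

def canonical(rows):
    """Order-insensitive form of a result set: each row becomes a sorted tuple of items."""
    return frozenset(tuple(sorted(row.items())) for row in rows)


class AlertModel:
    """Hypothetical evaluator; condition is 'changed', 'any_results' or 'no_results'."""

    def __init__(self, condition):
        if condition not in ("changed", "any_results", "no_results"):
            raise ValueError(f"unknown condition: {condition}")
        self.condition = condition
        self.baseline = None  # saved state, used only by 'changed'

    def update_baseline(self, rows):
        """Accept the current results as the new saved state."""
        self.baseline = canonical(rows)

    def check(self, rows):
        """Run one check; return (fired, added_rows, removed_rows)."""
        if self.condition == "any_results":
            return bool(rows), [], []
        if self.condition == "no_results":
            return not rows, [], []
        current = canonical(rows)
        if self.baseline is None:  # first run records the baseline, cannot fire
            self.baseline = current
            return False, [], []
        added = sorted((dict(r) for r in current - self.baseline), key=repr)
        removed = sorted((dict(r) for r in self.baseline - current), key=repr)
        return bool(added or removed), added, removed


# Constructed sample data: runs of an installed-software search.
RUN_1 = [{"systemname": "ws-01", "software": "7-Zip"},
         {"systemname": "ws-01", "software": "Firefox"}]
RUN_2 = [{"systemname": "ws-01", "software": "Firefox"},   # same rows, new order
         {"systemname": "ws-01", "software": "7-Zip"}]
RUN_3 = RUN_2 + [{"systemname": "ws-01", "software": "RemoteTool"}]

def demo():
    alert = AlertModel("changed")
    results = [alert.check(run)[0] for run in (RUN_1, RUN_2, RUN_3, RUN_3)]
    alert.update_baseline(RUN_3)       # accept the new software as the baseline
    results.append(alert.check(RUN_3)[0])
    return results

if __name__ == "__main__":
    print(demo())
```

In this model, a search that selects a volatile column such as free space would differ from the baseline on nearly every run, so a "changed" search is most useful when it returns only stable fields.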

Indicating how to notify

In the Notify me by section, indicate how you want to be notified. Paglo can send a notification to you by email, or post a message to a designated Twitter feed when you provide an account and its password.

  • Email — Click the email radio button to be notified by email.
  • Twitter — Click the radio button to be notified by Instant Messaging or telephone through Twitter. This requires a Twitter account and password.
  • Address — Provide your email address, or Twitter account name.
  • Remind me every hour — Check the checkbox if you want to receive hourly followup reminders.
  • Notify me if alert clears — Check the checkbox if you want to be notified when the alert condition clears.

You can also choose the following options:

  • Add destination — Click to add another destination for the alert. You can send the alert to as many destinations as you want.
  • Delete destination — Click to remove a destination if you change your mind.
  • Test destination — Click to verify that the address for a destination is valid.

Click Create to save your alert.


Managing alerts

From the Alert List, you can create new alerts, and edit, enable, disable, or delete existing alerts. You can also view the alert state, and the most recent history log messages for each alert.


Checking alert status

The Alert list provides the following information about each alert:

  • Indicates that the alert state is about to clear.
  • Indicates that the alert state is clear.
  • Indicates that the alert state is about to trigger.
  • Indicates that the alert state is triggered.
  • Indicates that an error prevents the alert from functioning. This is usually because the search is too broad, and the solution is to narrow the focus of the search.
  • Indicates that the alert is enabled.
  • Indicates that the alert is disabled.
  • Links to the History logs of each alert.
  • Deletes the alert from the list.
  • Links to online documentation.

Editing alerts

You can modify any parameters that you set when you created the alert. You can also add more notification destinations.

The Edit page contains additional information about the alert:

  • State — In the Alert Overview section, you can see whether the alert is triggered, about to trigger, cleared, or about to clear.
  • Last checked — In the Alert Overview section, you can see the date and time that the alert was last checked.
  • Last followup message sent — In the Generate alert when section, you can click the link to update the changed condition saved state.
  • Last followup message sent — In the Generate alert when section, you can see the date and time that Paglo sent the last followup message.

To edit alerts:

  1. In the Alert Overview section, you can change the following parameters:
    • Name — Provide a new name.
    • Description — Provide a new description.
    • Alert on — Check or uncheck the checkbox to enable or disable this alert.
  2. In the Generate alert when section, you can change the search query and the notification conditions.
    • This search is run — Tweak the search query.
    • And... — Change the conditions under which to alert you:
      • Search has changed — Trigger alert when the search results change in any way.
      • Search returns any results — Trigger alert when the search returns any results.
      • Search returns no results — Trigger alert when the search returns no results.

      You can also choose the following options:

      • Update changed condition saved state — You can change the baseline conditions.
      • Run search — You can run the search against your database directly from the Edit Alert page.
  3. In the Notify me by section, you can change how you want to be notified:
    • Email — Click to be notified by email.
    • Twitter — Click to be notified by Instant Messaging or telephone. Note that you must have a Twitter account.
    • Address — Provide your email address.
    • Followup — Change whether you would like to receive followup notification after the first notification, if the condition continues.
    • Notify cleared — Change whether you would like to be notified when the condition clears.

    You can also choose the following options:

    • Add destination — Click to add another destination for the alert. You can send the alert to as many destinations as you want.
    • Delete destination — Click to remove a destination if you change your mind.
    • Test destination — Click to verify that the address for a destination is valid.
  4. Click Save to save the changes to this alert.

Adding alerts to dashboards

Like any application, you can add your alert list to a dashboard page for quick reference. There are two ways to post your alert list to a dashboard.

Choose one of the following options:

  • On the Dashboard page, click Actions > Add Application > Alert.
  • On the Alert page, click the Search menu button, and click Add to Dashboard from the pull-down list.

Viewing history logs

Paglo logs every action that an alert takes, which you can view from either the Alert list or from the Edit page.

To see the history log of an alert:

  1. Open your list of alerts.
  2. On the Listing of all alerts page, find the alert.
  3. Click the appropriate Drilldown toggle.
  4. In the confirmation dialog, click OK.

Deleting alerts

To delete alerts:

  1. Open your list of alerts.
  2. On the Listing of all alerts page, find the alert you want to delete.
  3. Click the appropriate Delete icon.
  4. In the confirmation dialog, click OK.

Uninstalling the Alert Application

Uninstall the Alert Application from the Applications page:

To uninstall an Alert Application from your Paglo system:

  1. On the left-hand navigation box, click Applications.
  2. Under Applications In Use, in the Alerts pane, click Uninstall.

Sharing saved alerts

You can share your best alerts with your colleagues or with the greater Paglo community by clicking the Share-its icon on the alerts page.

To share an alert with colleagues or community:

  1. Open your list of alerts.
  2. Click the alert that you want to share.
  3. On the alert page of this alert, click the Share-its icon, and select Share this.
  4. In the Share Alerts Share-its dialog, provide or edit the information about the alert, such as who to share the alert with, and which categories to share it under.
  5. Click Share This.

  6. On the Community page, you can view the alert in the category that you just placed it in:


Examples

Here are some examples of saved alerts:


Example 1: When disk space falls below 5%

You can create an alert that notifies you if disk space falls below 5%:

You can use the following query to create the alert pictured above. You could customize this query to suit your circumstances, such as moving the threshold by changing the value in: size < 6, or narrowing the query to a specific server by identifying that server in the WHERE clause.

SELECT systemname as "Machine Name",
  name as "Drive",
  filesystem as "File System",
  volumeserialnumber as "Serial Number",
  format(size, 'human_bytes') as "Total Space",
  format(freespace, 'human_bytes') as "Free Space",
  format(size - freespace, 'human_bytes') as "Used Space",
  format((100 * freespace) / size, 'human_bytes')||'%' as "Free"
FROM /network/device/wmi/win32_logicaldisk
WHERE (100 * freespace) / size < 6 and
  description != 'Network Connection' and
  drivetype = 3
order by 1,2
limit 1000

Example 2: When total memory changes

This query keeps tabs on changes in the amount of memory installed in the computer:

 SELECT name, totalphysicalmemory 
 FROM /network/device/wmi/win32_computersystem
