Log Search Config Builder
Build a complete, valid Alert24 agent log_searches configuration — pick a source, test your pattern, add alert rules, and copy the JSON. Use it to monitor a log file for errors and set up log search alerting.
Everything runs in your browser. No log data leaves this page.
Log search
A unique identifier referenced by alert rules (letters, numbers, and underscores). Spaces become underscores.
2. Source settings
An empty pattern matches every line (pure volume tracking).
Paste sample log lines to see what your pattern would match. Matching runs entirely in your browser.
3. Alert rules
log_match_count: The raw number of matching lines counted in one interval. The classic "too many errors" alert.
Duration 0 = alert immediately. Sustained breach is tracked for the full duration before the incident opens.
Your configuration
{
"log_searches": [
{
"name": "search_1",
"source": "file",
"path": "/var/log/myapp/*.log",
"pattern": "ERROR|FATAL"
}
],
"alert_rules": [
{
"metric": "log_match_count",
"log_search": "search_1",
"operator": "gt",
"threshold": 10,
"duration_seconds": 0,
"severity": "high",
"service_impact": "degraded"
}
]
}Where to paste this
The two arrays above are siblings in your agent's JSON config. Merge log_searches and alert_rules into your existing agent config (alongside metrics and services), or paste the searches and rules into the agent's Log Searches editor on its detail page in the Alert24 dashboard (Monitoring → Server Agents → your agent). The agent picks them up on its next heartbeat.
Up to 20 searches are processed per agent. Each log_search name on a rule must match a search above — the builder keeps them in sync and de-duplicates names automatically.
Alert on your logs. Keep your logs.
Add log search to the agent you already run. Error spikes, error rate, runaway floods, and silent-app deadman alerts — with the matched lines right in the incident.