
I have my servers configured in Sumo Logic and logging is done in Sumo Logic. I want to enable some alerts based on the logging that is done.

I see two options: 1) scheduled searches, 2) metrics. My alerts should be based on the execution time of the requests, which is being logged in Sumo Logic. Currently I use scheduled searches and it works. Is there a better way to do it with metrics? In other words, do the metrics have a different purpose / additional advantages?

user9920500

1 Answer


The difference is the data itself. Your logs have information that your metrics don't, and vice versa. You should alert based on the data you have that you want to alert on. Take into consideration the frequency of the logs or metrics you are sending to Sumo Logic.

Scheduled searches on logs are great for getting alerts, but they have certain limitations.

Metrics have monitors for alerts. For your metrics query, you can set a monitor on a time series to alert when the metric has crossed a static threshold, and then send an email or Webhook notification. You can set a maximum of one critical alert, one warning alert, and one missing data alert for each monitor, each with one or more notification destinations.

Sumo Logic has detailed information on their features in their online documentation.

DDDD
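To make the distinction in the answer concrete, here is an added example (not from the original post, and not Sumo Logic's own code or query language). A scheduled search re-runs a query over raw log lines; a metrics monitor evaluates an already-aggregated time series against a critical threshold, a warning threshold, and a missing-data condition. The script below does both halves offline: it parses constructed log lines in a hypothetical `exec_ms=` format into a per-window time series (the max execution time per 5-minute window), then classifies every window the way a monitor would, including windows with no data at all. The log format, thresholds, and window size are assumptions chosen for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Hypothetical log line shape, constructed for this example (not Sumo Logic's format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<level>\w+) request_id=(?P<rid>\S+) "
    r"path=(?P<path>\S+) exec_ms=(?P<ms>\d+)$"
)

# Constructed sample log lines spanning three 5-minute windows.
# The middle window (10:05-10:10) deliberately has no data.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z INFO request_id=a1 path=/api/orders exec_ms=120
2024-05-01T10:01:15Z INFO request_id=a2 path=/api/orders exec_ms=95
2024-05-01T10:02:40Z INFO request_id=a3 path=/api/orders exec_ms=640
2024-05-01T10:03:59Z INFO request_id=a4 path=/api/orders exec_ms=110
2024-05-01T10:04:30Z WARN request_id=a5 path=/api/orders exec_ms=700
2024-05-01T10:10:05Z INFO request_id=b1 path=/api/orders exec_ms=1500
2024-05-01T10:12:20Z INFO request_id=b2 path=/api/orders exec_ms=2100
2024-05-01T10:13:00Z INFO request_id=b3 path=/api/orders exec_ms=130
this line is not a request log and is skipped by the parser
"""

WINDOW = timedelta(minutes=5)   # assumed aggregation window
CRITICAL_MS = 1000              # assumed critical threshold (max exec_ms per window)
WARNING_MS = 500                # assumed warning threshold
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_logs(text):
    """Scheduled-search half: pull (timestamp, exec_ms) out of raw log lines."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request log line; a real search query would filter these out too
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        rows.append((ts, int(m["ms"])))
    return rows


def floor_to_window(ts):
    """Align a timestamp to the start of its 5-minute window."""
    n = (ts - EPOCH) // WINDOW
    return EPOCH + n * WINDOW


def aggregate(rows):
    """Build the time series a metrics monitor would see: window start -> max exec_ms."""
    series = {}
    for ts, ms in rows:
        w = floor_to_window(ts)
        series[w] = max(series.get(w, 0), ms)
    return series


def evaluate(series, start, end):
    """Monitor half: classify every window between start and end.

    A window with no data point is reported as 'missing' rather than silently
    treated as healthy, which is the failure mode a missing-data alert exists for.
    """
    states = {}
    w = start
    while w < end:
        if w not in series:
            states[w.isoformat()] = "missing"
        elif series[w] >= CRITICAL_MS:
            states[w.isoformat()] = "critical"
        elif series[w] >= WARNING_MS:
            states[w.isoformat()] = "warning"
        else:
            states[w.isoformat()] = "ok"
        w += WINDOW
    return states


def run(text=SAMPLE_LOGS):
    """End to end: logs -> time series -> per-window alert state."""
    series = aggregate(parse_logs(text))
    start, end = min(series), max(series) + WINDOW
    return evaluate(series, start, end)


if __name__ == "__main__":
    for window, state in run().items():
        print(window, state)
```

The script uses the maximum execution time per window as the series value; swapping in a percentile is a one-line change in `aggregate`, and the point stands either way: the thresholds are checked against the aggregated series, not against individual log lines, and a window that produced no log lines surfaces as a distinct missing-data state instead of being skipped.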