Summary notifications collect and cache events instead of forwarding them to an action immediately. When the schedule ends, all cached events are forwarded to the intended action in one batch. Filters with a summary schedule are shown with a little clock in the list. Jobs in the web reports are generally recommended over summary notifications since they can summarize events from multiple hosts and support multiple output formats.
Summary filters can work with any action except for the special setting "Trigger all actions". Summary notifications are bound to a particular action. It is not recommended to create multiple summary notifications which use the same action; instead, a new action should be created for each summary notification. |
When configuring a summary schedule, the listed schedule specifies the time period when events are being collected and cached. Events are forwarded to the notification listed on the "General" tab when the schedule ends (e.g. 5PM in screenshot listed below).
The filter will not match any event outside the listed schedule(s). |
Collects events Mon-Fri that occur between 8am and 5pm,
and sends out a summary email Mon-Fri at 5pm
How it works
If an event occurs during a list schedule, then the event will be collected. The collected events are sent out when the schedule ends.
Example above: Events which occur between 8am and 5pm from Mon through Fri will be collected and cached. Every week day at 5pm, the collected events will be forwarded to the configured action. Events occurring on weekends or outside the 8am-5pm schedule will not match this filter and thus not be processed.
Real World Scenarios
One can use the summary notification feature in a number of scenarios:
•Receive one summary email every Monday morning
•Send a weekly summary email to a supervisor containing all error events of the week
•Log events to a database only twice a day to save bandwidth from a server connected through a slow link
Service Restarts
Summary events are retained when the EventSentry service restarts. Collected events are written to a temporary file in the EventSentry temp sub directory and start with "eventsentry_summary_" and are processed when the service starts.
See the section Summary Notification Examples for examples.