This part in the Log Insight (LI) series will describe how we can create alerts for certain events that we want to monitor a bit extra. In this case one host had a broken SD card, which we never got any alerts on from vCenter Server, so we wanted to create a separate email alert for it.

We didn’t realize there was a problem until we tried to patch the ESXi host using Update Manager, and got the following error messages:


We filtered the first event to see how often it occurred:


Then we took a look at other events that occurred around the same time using the View Event In Context feature:


There we found the actual disk error message and status code (H:0x0 D:0x2 P:0x0 Valid sense data 0x3 0x11 0x0), which we looked up on the excellent site



Now that we knew what message we were looking for, we created a simple text filter/query for it:


We could also go back in time to see exactly when it started occuring, and even zooming in to the exact minute:



Since we wanted to be alerted in the future if the same message should reappear, we created an alert for it, which is simply done by clicking the red alert bell in the top right, once you’ve created and fine tuned your filters/query:


Give the alert a name, description and tell LI how to send the alert (SMTP email, webhook and/or vROps Mgr alert):


Done! Now we’ll get an email in advance rather than finding out about SD card problems later.