In the cloud-native era, log monitoring has become a core pillar of observability. More teams are choosing Grafana Loki and VictoriaLogs as log storage systems because they are lightweight, efficient, and cost-effective. The hard part has been building reliable alerting on top of those log systems.
Today we are happy to announce that Flashduty Monitors now fully supports Loki and VictoriaLogs data sources, completing the last piece of log monitoring and alerting.
Why Flashduty Monitors?
Native Query Syntax, No New Learning Curve
Teams have already invested time in LogQL and VictoriaLogs query syntax. Flashduty Monitors is fully compatible with native query languages.
Loki LogQL example:
count_over_time({job="mysql"} |= "error" [5m])
VictoriaLogs example:
_time:15m and level:ERROR | stats by (level) count(*) total | filter total:>10
No new DSL is required. Existing queries can be reused directly.
Three Alerting Modes for Different Scenarios
Flashduty Monitors provides three modes for log alerting:
| Mode | Best for | Example |
|---|---|---|
| Threshold evaluation | Multi-level alerts such as Info, Warning, and Critical | Trigger Critical when error logs exceed 50 in 5 minutes |
| Data exists ⭐ | Alert as soon as abnormal data appears | Trigger immediately when any HTTP 500 error appears |
| Data missing | Monitoring log-pipeline health | Alert when an Agent stops reporting logs |
💡 Recommendation: for logs, we strongly recommend Data exists mode. It pushes filtering down to the log engine and triggers whenever matching data returns. It is simple, intuitive, and efficient.
Flexible Alert Recovery
Flashduty Monitors provides three recovery strategies:
- Automatic recovery: recover automatically when the value falls below the threshold.
- Recovery threshold: define an independent recovery condition, such as $A < 5, to avoid oscillation near the trigger threshold.
- Recovery query: configure a separate recovery query with ${label_name} variable substitution. This is useful for cases such as switch-interface status changes where trigger and recovery queries should be different.
# Alert query: search error logs
count_over_time({job="mysql"} |= "error" [5m])
# Recovery query: search recovery marker logs
count_over_time({job="mysql"} |= "recovered" [5m])
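Why a recovery threshold avoids oscillation, as an added illustration that is not Flashduty's code: a small two-state evaluator is run over a constructed series of error counts, once with automatic recovery and once with a separate recovery threshold. The trigger value of 10 is borrowed from the Warning threshold in Scenario 1, and the function names and the model of automatic recovery are assumptions.

```python
# Added illustration, not Flashduty's implementation: a two-state alert
# evaluator showing how a recovery threshold suppresses flapping.

TRIGGER = 10  # fire when $A > 10 (Warning threshold used in Scenario 1)
RECOVER = 5   # recover when $A < 5 (recovery threshold example above)

# Constructed sample: error counts returned by successive rule evaluations.
SAMPLE_COUNTS = [3, 12, 9, 11, 8, 13, 7, 4, 2]


def evaluate(series, trigger, recover):
    """Return (index, event) transitions for a series of query values.

    The alert fires when a value exceeds `trigger` and clears only when a
    value drops below `recover`; values in between keep the current state.
    """
    firing = False
    events = []
    for i, value in enumerate(series):
        if not firing and value > trigger:
            firing = True
            events.append((i, "fire"))
        elif firing and value < recover:
            firing = False
            events.append((i, "recover"))
    return events


def automatic_recovery(series, trigger):
    """Assumed model of automatic recovery: clear once the value is below the trigger."""
    return evaluate(series, trigger, trigger)


if __name__ == "__main__":
    flapping = automatic_recovery(SAMPLE_COUNTS, TRIGGER)
    stable = evaluate(SAMPLE_COUNTS, TRIGGER, RECOVER)
    print(f"automatic recovery: {len(flapping)} notifications -> {flapping}")
    print(f"recovery threshold: {len(stable)} notifications -> {stable}")
```

On the same data, automatic recovery produces six state changes while the recovery threshold produces two, because counts between 5 and 10 no longer clear the alert.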
Include Raw Log Samples in Alerts
When a log alert fires, the first question is: which log line triggered it?
Flashduty Monitors supports associated queries, so alert messages can include raw log samples:
error log count: 23.000
Loki log time: 2026-01-09T10:23:45+08:00
Loki Log line: [ERROR] Connection refused to database server 10.0.1.5:3306
One alert = problem signal + context, which greatly shortens troubleshooting time.
This is implemented through associated queries. Configure one associated query and render the query result into the rule note template. See:
Quickstart Examples
Scenario 1: Monitor Application Error Logs With Loki
Requirement: trigger Warning when error logs exceed 10 in 5 minutes, and Critical when they exceed 50.
count_over_time({job="myapp"} |= "error" [5m])
Thresholds:
- Warning: $A > 10
- Critical: $A > 50
Scenario 2: Detect HTTP 500 Errors With VictoriaLogs
Requirement: alert immediately when any HTTP 500 error appears.
_time:5m and status:500 | stats by (service) count(*) total | filter total:>0
Choose Data exists mode. Any returned data triggers an alert.
Scenario 3: Monitor Log Collection Health
Requirement: alert when a host has not reported logs for more than 15 minutes, which may mean the collector is down.
# Loki
rate({job="node-logs"} [1m])
# VictoriaLogs
_time:15m | stats by (host) count(*) total
Choose Data missing mode. Continuous absence of data triggers an alert.
Why Flashduty?
- ✅ Unified alerting platform: manage alerting for Prometheus, Loki, VictoriaLogs, ElasticSearch, ClickHouse, and more in one place.
- ✅ Edge deployment: deploy the alert engine inside your private network so data does not leave your environment.
- ✅ Flexible notification: integrate with Feishu, DingTalk, WeCom, Slack, PagerDuty, and 20+ notification channels.
- ✅ Alert grouping and noise reduction: intelligent grouping, suppression, and silences reduce alert fatigue.
- ✅ On-call scheduling: 7×24 rotations ensure every alert has an owner.
Try It Now
Logs are the black box of your system, and alerts are the key that opens it.
Flashduty Monitors turns Loki and VictoriaLogs from "queryable" into "actionable," so anomalies are discovered and handled as soon as possible.
👉 Sign up for a free Flashduty trial and start intelligent log alerting.
Flashduty Team | January 2026