# Error monitors > Set up error monitors in Uptrace to receive alerts for specific log patterns, exception types, and severity levels. Customize alert names with Go templates. An error monitor watches incoming log records and fires an alert when a new matching pattern appears. Unlike metric monitors that evaluate aggregates over time, error monitors react to individual events — making them ideal for catching exceptions, fatal errors, and unexpected patterns the moment they occur. Uptrace automatically creates a default error monitor for logs with `ERROR` and `FATAL` severity. You can customize its filters, add grouping dimensions, or create additional monitors for other patterns.

## How it works When a log record matches the monitor's query, Uptrace checks whether an alert already exists for that pattern. Grouping uses the same [log grouping](/features/logs/grouping) logic as the Logs explorer — similar messages share one alert. If no alert exists, it creates one and sends a notification. If the same pattern fires again, Uptrace uses the [notification frequency](/features/alerting/notifications#notification-frequency) rules to decide whether to send a reminder. When the pattern stops appearing, the alert is automatically closed and a recovery notification is sent. ## Examples **All errors and fatal logs:** ```yaml monitors: - name: Notify on all errors type: error notify_everyone_by_email: true query: - group by _group_id - where _system in ("log:error", "log:fatal") ``` **Errors matching a specific message:** ```yaml monitors: - name: Notify on "timeout" errors type: error notify_everyone_by_email: true query: - group by _group_id - where _system in ("log:error", "log:fatal") - where _display_name contains "timeout" ``` **Exceptions only:** ```yaml monitors: - name: Exceptions type: error notify_everyone_by_email: true query: - group by _group_id - where _system in ("log:error", "log:fatal") - where exception_type exists ``` **All environments except dev:** ```yaml monitors: - name: Notify on all errors except in "dev" environment type: error notify_everyone_by_email: true query: - group by _group_id - group by deployment_environment - where _system in ("log:error", "log:fatal") - where deployment_environment != "dev" ``` ## Query attributes

Attribute	Description
`_group_id`	Groups similar log records together. Use `group by _group_id` to create one alert per unique error pattern.
`_display_name`	The log message or exception message. Use `contains` to match a substring.
`_system`	The signal type: `log:error` , `log:fatal` , `log:warn` , etc.
`exception_type`	Set on log records that carry an exception. Use `exists` to filter exception-only logs.
`deployment_environment`	The environment attribute, typically `prod` , `staging` , or `dev` .
`service_name`	The service that emitted the log.

Any [indexed span attribute](/opentelemetry/semconv) can be used in `where` and `group by` clauses. ## Alert names