You can configure an alert monitoring rule for query and analysis results. If the conditions of the alert monitoring rule are met, an alert is triggered and an alert notification is sent. This topic describes how to configure an alert in Log Service.

Background information

In this example, the Request Success Rate and Response Time Trend charts in the dashboard of Website Audit Center are monitored. When the request success rate is lower than 90% and the response time is higher than 60 seconds, an alert is triggered and notified to the SLS O&M group by SMS.

Step 1: Create users and a user group

You can create users and user groups as the recipients of alert notifications. In this example, create two users named Alice and Kumar and a user group named LogServiceOperations, and then add the two users to the user group.

  1. Log on to the Log Service console.
  2. Go to the User Management page.
    1. In the Projects section, click the name of the project for which you want to configure an alert. In this example, the project name is datalab-12****408-cn-chengdu.
    2. In the left-side navigation pane, click Alerts.
    3. Click Open Alert Center and choose Alert Management > User Management.
      User Management option
  3. Create users.
    1. Click Add Users.
    2. On the Add Users tab, enter the information of the users that you want to add, and click OK.

      The following table describes the parameters and provides configuration examples of the parameters.

      # ID, Username, Enabled, Country code-phone number, Receive text message, Receive phone call
      1001,Kumar,true,86-1381111*****,true,true
      1002,Alice,true,86-1381111*****,true,true
      Parameter Description Example
      ID The unique ID of the user. The ID must meet the following requirements:
      • The ID must start with a letter.
      • The ID must be 5 to 60 characters in length.
      • The ID can contain only digits, letters, underscores (_), hyphens (-), and periods (.).
      1001 and 1002
      Username The name of the user.

      The username must be 1 to 20 characters in length, and cannot contain the following characters:

      "\$|~?&<>{}`'

      Kumar and Alice
      Enabled Specifies whether to allow Log Service to send alert notifications to the user.
      • true: Log Service is allowed to send alert notifications to the user.
      • false: Log Service is not allowed to send alert notifications to the user.
      true
      Country code-phone number The country code and phone number of the user. The country code can contain only digits and must be 1 to 4 characters in length. 86-1381111***** and 86-1381112*****
      Receive text message Specifies whether to allow Log Service to send SMS messages to the phone number.
      • true: Log Service is allowed to send SMS messages to the phone number.
      • false: Log Service is not allowed to send SMS messages to the phone number.
      true
      Receive phone call Specifies whether to allow Log Service to send voice notifications to the phone number.
      • true: Log Service is allowed to send voice notifications to the phone number.
      • false: Log Service is not allowed to send voice notifications to the phone number.
      true
  4. Create a user group.
    1. In the Alert Management drop-down list, select User Group Management.
    2. Click Create.
    3. In the Add User Group dialog box, set the parameters and click OK.

      The following table describes the parameters and provides configuration examples of the parameters.

      Parameter Description Example
      ID The unique ID of the user group. The ID must meet the following requirements:
      • The ID must start with a letter.
      • The ID must be 5 to 60 characters in length.
      • The ID can contain only digits, letters, underscores (_), hyphens (-), and periods (.).
      group-01
      Group Name The name of the user group.

      The group name must be 1 to 20 characters in length, and cannot contain the following characters:

      \$|~?&<>{}`'"

      LogServiceOperations
      Available Members The users that you created. Kumar and Alice
      Selected Members The users that are added to the user group. Kumar and Alice
      Enabled Specifies whether to allow Log Service to send alert notifications to the user group.
      • If you turn on the Enabled switch, Log Service is allowed to send alert notifications to the user group.
      • If you turn off the Enabled switch, Log Service is not allowed to send alert notifications to the user group.
      Turn on the Enabled switch.

Step 2: Create an alert monitoring rule for logs

You can create alert monitoring rules to monitor the query and analysis results of logs. For example, you can create an alert monitoring rule to monitor the request success ratio and response_time trend charts. If the request success rate is lower than 90% and the response time is greater than 60 seconds, an alert is triggered.

  1. Choose Log Storage > Logstores. On the Logstores tab, click the Logstore that you want to view.
  2. In the upper-right corner of the page, choose Save as Alert > New Alerting Feature (Public Preview).
  3. In the Alert Monitoring Rule panel, set the parameters and click OK.

    The following table describes the parameters and provides configuration examples of the parameters.

    Create an alert monitoring rule
    Parameter Description Example
    Rule Name Specify the name of the alert monitoring rule. Website Logs_Alert Monitoring Rule
    Check Frequency Specify a check frequency at which query and analysis results are checked.
    • Hourly: Query and analysis results are checked every hour.
    • Daily: Query and analysis results are checked at a specified point in time every day.
    • Weekly: Query and analysis results are checked at a specified point in time on a specified day of the week.
    • Fixed Interval: Query and analysis results are checked at a specified interval.
    • Cron: Query and analysis results are checked at an interval that is specified by using a CRON expression.

      If you use CRON expressions, the minimum precision is 1 minute. The time format is based on the 24-hour clock. For example, 0 0/1 * * * specifies that a check is performed every hour from 00:00.

    Daily, 00:00
    Query Statistics Specify a query statement.

    If you specify multiple query statements, you can set the Set Operations parameter to associate multiple query results. For more information, see Multi-set operations.

    • 0: On the uicontrol[1]Website Audit Centeruicontrol dashboard, select the request success ratio chart.
    • 1: On the uicontrol[1]Website Audit Centeruicontrol dashboard, select the response_time trend chart.
    • Set the Set Operations parameter to CROSS JOIN
    Group Evaluation Log Service allows you to group query and analysis results.
    • If you set this parameter to Custom Tag, Log Service groups query and analysis results based on the fields that you specify. After Log Service groups the query and analysis results, the trigger condition is evaluated for each group. If the trigger condition for query and analysis results is met within each check period, an alert is triggered in each group.

      You can specify multiple fields. You must use commas (,) to separate multiple fields.

    • If you set this parameter to No Grouping, only one alert is triggered within each check period when the trigger condition is met.
    • If you set this parameter to Auto Tag, Log Service automatically groups the query and analysis results of time series data
    No Grouping
    Trigger Condition Specify the trigger condition of an alert.
    • Data is returned: If data is returned for a query, an alert is triggered.
    • the query result contains: If the number of returned rows of a query reaches N, an alert is triggered.
    • data matches the expression: If the returned data of a query matches a specified expression, an alert is triggered.
    • the query result contains: If the number of returned rows of a query reaches N, and the N rows of data match a specified expression, an alert is triggered.

    For more information, see Syntax of trigger conditions in alert rules.

    Data is returned, $0.success_ratio <90&&$1.avg_upstream_response_time\(s\) >60
    Note If a field contains parentheses (), you must use backslashes (\) to escape the parentheses ().
    Severity Specify the alert severity level. You can use this parameter to reduce alert noises and manage alert notifications. When you create an alert policy or an action policy, you can add conditions based on severities. For more information, see Specify alert severities.
    • Simple mode: If you select a severity, all alerts that are triggered based on the alert monitoring rule have the same severity.
    • Conditional mode: You can click Create to specify a condition and the related severity. For information about conditional expressions, see Syntax of trigger conditions in alert rules.
    Medium-6
    Add Annotation Log Service allows you to add annotations as non-identifying attributes for alerts. Annotations are formatted in key-value pairs. This parameter is used to denoise alerts and manage alert notifications. When you create an alert policy or action policy, you can add conditions based on annotations. For more information, see Labels and annotations.
    • Title: Monitor the request success rate and average response time of a website
    • Description: request success rate: ${success_ratio}, average response time: ${average_upstream_response_time(s)}
    Auto-Add If you turn on the Auto-Add switch, information such as __count__ and __topic__ are automatically added to the alert. For more information, see Auto-Add switch. None
    Threshold of Continuous Triggers Specify the threshold of continuous triggers. An alert is triggered only if the specified trigger condition is met during consecutive check periods. If the trigger condition is not met, no alert is triggered. 1
    Alert Policy Select an alert policy to merge, silence, and suppress alerts.
    • If you select Simple Mode or Standard Mode, you do not need to configure alert policies. By default, Log Service uses the sls.builtin.dynamic alert policy to manage alerts.
    • If you select Advanced Mode, you can select a built-in or custom alert policy to manage alerts. For more information about how to create an alert policy, see Create an alert policy.
    Simple Mode
    Action Policy You can use action policies to manage alert notification methods and the frequency at which alert notifications are sent.

    If you set Alert Policy to Simple Mode, you need only to configure an action group.

    After you configure an action group, Log Service automatically creates an action policy named Rule name-Action policy. Alert notifications are sent based on the action policy for all alerts that are triggered based on the alert monitoring rule. For more information, see Notification methods.

    Notice You can modify the settings of an action policy on the Action Policy tab. For more information, see Create an action policy. If you add evaluation when you modify an action policy, the value of the Alert Policy parameter is automatically changed to Standard Mode.
    • Notification Method: SMS Message
    • Recipient: LogServiceOperations
    • Alert Template: SLS builtin content template
    • Period: Any Time
    Cycle If duplicate alerts are triggered in the specified duration, the selected action policy is executed only once, and only one alert notification is sent. 5 Minutes

Step 3: View the alert records

After you create an alert monitoring rule, Log Service monitors the query and analysis results based on the rule. If the query and analysis results meet the specified trigger condition, an alert is triggered. You can view the alert records on the Monitoring Rule Center dashboard.

  1. On the Alert Center page, choose Alert Management > Monitoring Rule Center.
  2. In the Alert rule latest status section, view the alert monitoring rules that are executed.
    View alert monitoring rules