Simple Log Service: Configure an alert monitoring rule in Simple Log Service

Last Updated: Nov 22, 2023

You can configure an alert monitoring rule for query and analysis results. If the conditions of the alert monitoring rule are met, an alert is triggered. This topic provides an example of how to configure an alert monitoring rule for website access logs in Simple Log Service.

Prerequisites

Simulated Layer 7 access logs of Server Load Balancer (SLB) have been collected in Simple Log Service. To collect simulated Layer 7 access logs of SLB, log on to the Simple Log Service console. On the Simulated Data Import tab in the Import Data section, select SLB Layer-7 Access Logs - Cloud Products.

Background information

After you collect Layer 7 access logs of SLB, Simple Log Service automatically generates a dashboard named SLB Operation Logs and displays the metrics that are related to Layer 7 access logs of SLB on the dashboard. In this example, the request success ratio and request_time trend charts on the SLB Operation Logs dashboard are monitored. When the request success ratio is lower than 90% and the response time is longer than 60 seconds, an alert is triggered, and an alert notification is sent to a user group named LogServiceOperations by text message.

Step 1: Create users and a user group

You can create users and user groups and specify them as the recipients of alert notifications. In this example, two users named Alice and Kumar and a user group named LogServiceOperations are created. The users are added to the user group.

  1. Log on to the Simple Log Service console.

  2. Go to the User Management tab.

    1. In the Projects section, click a project.

    2. In the left-side navigation pane, click Alerts.

    3. On the Alert Center page, choose Notification Objects > User Management.

  3. Create users.

    1. Click Create.

    2. In the Create User dialog box, enter the information about the user that you want to create and click OK.

      The following table describes the parameters and provides examples of parameter values.

      | Parameter | Description | Example |
      | --- | --- | --- |
      | ID | The ID of the user. The ID must be unique. | 10001 and 10002 |
      | Username | The name of the user. | Kumar and Alice |
      | Phone Number | The mobile phone number of the user. | 86-1381111***** and 86-1381112***** |
      | Receive Text Message | If you turn on Receive Text Message, Simple Log Service can send text messages to the phone number. | Receive Text Message: turned on |
      | Receive Phone Call | If you turn on Receive Phone Call, Simple Log Service can call the phone number. | Receive Phone Call: turned on |
      | Enabled | If you turn on Enabled, Simple Log Service can send alert notifications to the user. | Enabled: turned on |

  4. Create a user group.

    1. On the Alert Center page, choose Notification Objects > User Group Management.

    2. On the User Group Management tab, click Create.

    3. In the Add User Group dialog box, configure the parameters and click OK.

      The following table describes the parameters and provides examples of parameter values.

      | Parameter | Description | Example |
      | --- | --- | --- |
      | ID | The ID of the user group. The ID must be unique. | group-01 |
      | Group Name | The name of the user group. | LogServiceOperations |
      | Available Members | The users that you created. | Kumar and Alice |
      | Selected Members | The users that you want to add to the user group. | Kumar and Alice |
      | Enabled | If you turn on Enabled, Simple Log Service can send alert notifications to the user group. | Enabled: turned on |

Step 2: Configure an alert monitoring rule

You can configure an alert monitoring rule to monitor the query and analysis results of logs. For example, you can configure an alert monitoring rule to monitor the request success ratio and request_time trend charts. When the request success ratio is lower than 90% and the response time is longer than 60 seconds, an alert is triggered.

  1. On the Alert Center page, click Alert Rule.

  2. Click Create Alert.

  3. In the Create Alert panel, configure the parameters and click OK.

    The following table describes the parameters and provides examples of parameter values.

    Figure: Create an alert monitoring rule

    Rule Name

      Description: The name of the alert monitoring rule.

      Example: Website Logs_Alert Monitoring Rule

    Check Frequency

      Description: The frequency at which query and analysis results are checked.

      • Hourly: Query and analysis results are checked every hour.

      • Daily: Query and analysis results are checked at a specified point in time every day.

      • Weekly: Query and analysis results are checked at a specified point in time on a specified day of each week.

      • Fixed Interval: Query and analysis results are checked at a specified interval.

      • Cron: Query and analysis results are checked at an interval that is specified by a cron expression.

        A cron expression can specify an interval that is accurate to the minute. The cron expression is based on the 24-hour clock. For example, 0 0/1 * * * indicates that query and analysis results are checked at an interval of 1 hour from 00:00.

      Example: Daily, 00:00

    Query Statistics

      Description: Click Create. In the Query Statistics dialog box, configure information about a query statement. For more information about the limits of query and analysis, see Query and analysis.

      • Associated Report: On this tab, you can select a dashboard to monitor data.

      • Advanced Settings: On the Advanced Settings tab, you can select Logstore, Metricstore, or Resource Data from the Type drop-down list to specify the type of data that you want to monitor.

        • Logstore: Logs are stored. For more information about query and analysis configurations, see Query and analyze logs.

        • Metricstore: Metrics are stored. For more information about query and analysis configurations, see Query and analyze metric data.

        • Resource Data: The external data that you want to associate with the alert monitoring rule can be specified. For more information, see Create resource data.

      If you specify multiple query statements, you can configure the Set Operations parameter to associate the query and analysis results of the statements. For more information, see Multi-set operations.

      Example:

      • 0: Select the request success ratio chart on the SLB Operation Logs dashboard.

      • 1: Select the request_time trend chart on the SLB Operation Logs dashboard.

      • Set the Set Operations parameter to CROSS JOIN.

    Group Evaluation

      Description: Simple Log Service can group query and analysis results.

      • Custom Label: Simple Log Service groups query and analysis results based on the fields that you configure. After Simple Log Service groups the query and analysis results, Simple Log Service checks whether the query and analysis results in each group meet the trigger condition. If the query and analysis results in each group meet the trigger condition in each check period, an alert is triggered for each group.

        You can configure multiple fields.

      • No Grouping: Only one alert is triggered in each check period when the trigger condition is met.

      • Auto Label: If you select Metricstore from the Type drop-down list in the Query Statistics dialog box, Simple Log Service automatically groups query and analysis results. A value of Metricstore specifies that the query and analysis results of metrics are monitored.

        After Simple Log Service groups the query and analysis results, Simple Log Service checks whether the query and analysis results in each group meet the trigger condition. If the query and analysis results in each group meet the trigger condition in each check period, an alert is triggered for each group.

      Example: No Grouping

    Trigger Condition

      Description: The trigger condition and severity of an alert.

      • Trigger condition

        • Data is returned: If data is returned in the query and analysis results, an alert is triggered.

        • the query result contains: If the query and analysis results contain N data entries, an alert is triggered.

        • data matches the expression: If the query and analysis results contain data that matches a specified expression, an alert is triggered.

        • the query result contains and matches: If the query and analysis results contain N data entries that match a specified expression, an alert is triggered.

      • Severity

        This parameter is used to denoise alerts and manage alert notifications. When you create an alert policy or an action policy, you can add severity-based conditions. For more information, see Specify severity levels for alerts.

        • If you specify only one trigger condition, you can specify a severity for the condition. In this case, all alerts that are triggered based on the alert monitoring rule have the same severity.

        • If you specify more than one trigger condition, you can specify a severity for each condition. You can click Create to specify more trigger conditions.

      For more information about the syntax of conditional expressions in alert monitoring rules, see Syntax of trigger conditions in alert rules.

      Example:

      • data matches the expression

      • $0.success_ratio <90&&$1.Average response time\(s\) >60

      • Severity: Medium

      Note: If a field contains parentheses (), you must use backslashes (\) to escape the parentheses ().

    Add Annotation

      Description: Simple Log Service allows you to add annotations as non-identifying attributes to alerts. Annotations are key-value pairs. This parameter is used to denoise alerts and manage alert notifications. When you create an alert policy or an action policy, you can add annotation-based conditions. For more information, see Labels and annotations.

      If you turn on Auto-Add Annotations, fields such as __count__ are automatically added to alerts. For more information, see Auto-Add switch.

      Example:

      • Title: Monitor the request success ratio and average response time of a website

      • Description: Request success ratio: ${success_ratio}, Average response time: ${Average response time(s)}

      • Auto-Add Annotations: turned on

    Threshold of Continuous Triggers

      Description: The threshold to trigger an alert. If the number of consecutive times the specified trigger condition is met reaches the value of this parameter, an alert is triggered. The system does not count the number of times when the specified trigger condition is not met.

      Example: 1

    Alert Policy

      Description: Alert policies are used to merge and silence alerts.

      • If you select Simple Mode or Standard Mode, you do not need to configure alert policies. By default, Simple Log Service uses the built-in alert policy sls.builtin.dynamic to manage alerts.

      • If you select Advanced Mode, you can select a built-in or custom alert policy to manage alerts. For more information about how to create an alert policy, see Create an alert policy.

      Example: Simple Mode

    Action Policy

      Description: Action policies are used to manage alert notification methods and the frequency at which alert notifications are sent.

      • If you set the Alert Policy parameter to Simple Mode, you only need to configure an action group for this parameter.

        After you configure the action group, Simple Log Service automatically creates an action policy named Rule name-Action policy. Alert notifications are sent based on the action policy for all alerts that are triggered based on the alert monitoring rule. For more information, see Notification methods.

        Important: You can modify an action policy on the Action Policy tab. For more information, see Create an action policy. If you add conditions when you modify an action policy, the value of the Alert Policy parameter is automatically changed to Standard Mode.

      • If you set the Alert Policy parameter to Standard Mode or Advanced Mode, you can select a built-in action policy or a custom action policy to send alert notifications. For more information about how to create an action policy, see Create an action policy.

        If you set the Alert Policy parameter to Advanced Mode, you can turn on or turn off Custom Action Policy. For more information, see Dynamic action policy mechanism.

      Example:

      • Notification Method: SMS Message

      • Recipient: LogServiceOperations

      • Alert Template: SLS builtin content template

      • Period: Any Time

    Repeat Interval

      Description: If duplicate alerts are triggered in the specified period, the action policy that you select is executed only once, and only one alert notification is sent.

      Example: 5 Minutes
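
The following is an added example, not Simple Log Service code: a simplified Python model of how the example trigger condition is evaluated against the CROSS JOIN of the results of queries 0 and 1, including the backslash-escaped parentheses in the field name. It supports only the expression shape used in this topic (`$N.field <op> number` terms joined by `&&`); the function names, sample rows, and the `time` column are assumptions made for illustration.

```python
import itertools
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

# One term: $<query index>.<field> <op> <number>. Field names may contain spaces;
# parentheses must be backslash-escaped, as the Note for Trigger Condition requires.
TERM = re.compile(
    r"^\$(\d+)\.((?:\\[()]|[^()<>=!&|])+?)\s*(<=|>=|==|!=|<|>)\s*(-?\d+(?:\.\d+)?)$")

def parse_condition(expr):
    """Parse '&&'-joined terms into (query_index, field, compare, threshold)."""
    terms = []
    for raw in expr.split("&&"):
        m = TERM.match(raw.strip())
        if m is None:
            raise ValueError(f"unsupported term (unescaped parentheses?): {raw!r}")
        idx, field, op, num = m.groups()
        field = re.sub(r"\\([()])", r"\1", field).strip()  # \( and \) -> ( and )
        terms.append((int(idx), field, OPS[op], float(num)))
    return terms

def matching_rows(expr, *result_sets):
    """CROSS JOIN the query results; return the row combinations matching expr."""
    terms = parse_condition(expr)
    return [combo for combo in itertools.product(*result_sets)
            if all(cmp(float(combo[i][f]), limit) for i, f, cmp, limit in terms)]

# Constructed sample results; column names are assumed from the fields
# that the example expression references.
QUERY_0 = [{"success_ratio": "85.2"}]
QUERY_1 = [{"time": "10:00", "Average response time(s)": "72.5"},
           {"time": "10:01", "Average response time(s)": "12.0"}]
CONDITION = r"$0.success_ratio <90&&$1.Average response time\(s\) >60"

if __name__ == "__main__":
    for row0, row1 in matching_rows(CONDITION, QUERY_0, QUERY_1):
        print("alert:", row0, row1)
```

With the constructed rows, only the 10:00 combination satisfies both terms, so the model reports one matching row; writing the field without the backslashes is rejected at parse time.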

Step 3: View alert records

After you configure an alert monitoring rule, Simple Log Service monitors the query and analysis results based on the rule. If the query and analysis results meet the specified trigger condition, an alert is triggered. You can view the alert records on the Alert Rule Center tab.

  1. On the Alert Center page, choose Alert Dashboards > Alert Rule Center.

  2. In the Alert Rule Execution Status chart, view the alert monitoring rules that are executed.

    Figure: View alerts