If an alert is triggered by an alert monitoring rule, Simple Log Service merges or silences the alert based on the alert policy that is used by the alert monitoring rule. This topic describes how to create an alert policy.
Procedure
Log on to the Simple Log Service console.
Go to the Alert Policy tab.
In the Projects section, click a project.
In the left-side navigation pane, click Alerts.
On the Alert Center page, choose
.
On the Alert Policy tab, click Create.
In the Add Policy dialog box, configure the following parameters and click OK.
Parameter
Description
ID
The ID of the alert policy. The ID must be unique.
Name
The name of the alert policy.
Route and Merge Policy
The policy that is used to merge alerts. You can configure a merge policy to merge a large number of identical alerts that are triggered into an alert set. Simple Log Service considers an alert set as a single alert when Simple Log Service sends alert notifications. For more information, see Route and Merge Policy.
Silence Policy
The policy that is used to silence alerts. You can configure a silence policy to prevent Simple Log Service from sending notifications for alerts that match specified conditions in a silence period. For more information, see Silence Policy.
Route and Merge Policy
You can configure a merge policy to merge a large number of identical alerts that are triggered into an alert set. You can specify conditions to match alerts in the Condition node and configure rules to merge alerts in the Merge Alerts node.
Configuration description
On the Route and Merge Policy tab, click the icon.
Specify conditions to match alerts.
Configure rules to merge alerts.
Parameter
Description
Merge by
Select a standard based on which Simple Log Service merges alerts. Valid values:
Alert ID and All Labels: If you select this option, Simple Log Service merges the alerts that are triggered by the same alert monitoring rule and have the same labels into an alert set.
Alert ID: If you select this option, Simple Log Service merges the alerts that are triggered by the same alert monitoring rule into an alert set.
Alert Project: If you select this option, Simple Log Service merges the alerts that belong to the same project into an alert set.
Alert Project and Severity: If you select this option, Simple Log Service merges the alerts that belong to the same project and have the same alert severity into an alert set.
Alert Project and All Labels: If you select this option, Simple Log Service merges the alerts that belong to the same project and have the same labels into an alert set.
Custom: If you select this option, Simple Log Service merges alerts based on the attributes that you specify. The attributes include the IDs of Alibaba Cloud accounts, IDs of alert monitoring rules, and alert titles.
Action Policy
Select the action policy that you want to use.
NoteYou can specify an action policy when you create a merge policy. You can also specify an action policy when you create an alert monitoring rule.
If you select Dynamic Action Policy, the action policy that you specify when you create an alert monitoring rule is used.
If you select an action policy other than Dynamic Action Policy, the action policy that you select is used.
Group Wait
Specify the interval after which Simple Log Service sends an alert notification if the first alert set is created. We recommend that you set the unit to Seconds.
Group Interval
Specify the interval after which Simple Log Service sends an alert notification if the data in an alert set is modified. We recommend that you set the unit to Minutes.
Repeat Interval
Specify the interval after which Simple Log Service sends an alert notification if the data in an alert set remains the same. We recommend that you set the unit to Hours.
Click the icon for the Condition and Merge Alerts nodes to complete the configuration.
Configuration example
The following figure shows a merge policy. If alerts have an env label of prd, the alerts are merged by the projects to which the alerts belong, and the SLS built-in action policy is executed. If alerts have an env label of test, the alerts are merged by the alert monitoring rules that trigger the alerts, and the test action policy is executed.
Silence Policy
You can configure a silence policy to prevent Simple Log Service from sending notifications for alerts that match specified conditions in a silence period. You can specify conditions to match alerts in the Condition node and specify a silence period in the Silence Period node.
Configuration description
On the Silence Policy tab, click the icon.
Specify conditions to match alerts.
Specify a silence period.
Click the icon for the Condition and Silence Period nodes to complete the configuration.
Configuration example
The following figure shows a silence policy. If alerts have a severity of Medium and an expired label of true and the alert monitoring rule belongs to a project whose name contains test-project, the alerts are silenced for 1 hour. If alerts do not match the conditions and do not have an owner label, the alerts are permanently silenced.
What to do next
Delete a node
Right-click the node that you want to delete and select Delete Node.
Add a node
In this example, add a node to a merge policy.
NoteIf you have added the End node, you must delete the End node before you can add nodes such as Condition and Merge Alerts.
Click the icon to add a Condition node.
Click the icon to add a Merge Alerts node.
Click the icon to add an End node.