This topic describes the features that are included in the new version of the alerting module in Log Service.
|Alert monitoring||Basic feature||Query and analysis of logs||You can use the query statements of Log Service and the SQL-92 syntax to query and analyze logs. For more information, see Syntax.|
|Query and analysis of time series data||You can use the PromQL syntax and SQL-92 syntax to analyze data. For more information, see Overview of time series search and analysis.|
|Machine learning||You can use machine learning features, such as prediction and anomaly detection and the root cause analysis. These features can be used to call AIOps algorithms. For more information, see Machine learning syntax.|
|Associated monitoring||Associated monitoring of Logstores or Metricstores||You can use SQL JOIN clauses or alert operations to collaboratively monitor Logstores or Metricstores.|
|Associated monitoring for Logstores and Metricstores||You can use SQL JOIN clauses or set operations to perform associated monitoring for Logstores and Metricstores.|
|Associated monitoring across projects||You can use set operations to perform associated monitoring across projects.|
|Associated monitoring across regions||You can use set operations to perform associated monitoring across regions.|
|Associated monitoring across Alibaba Cloud accounts||You can use set operations to perform associated monitoring across Alibaba Cloud accounts.|
|Blacklist and whitelist monitoring||You can use resource data to monitor blacklists and whitelists.|
|Orchestration of monitoring rules||No-data alert||You can configure no-data alerts.|
|Alert severity||You can configure static or dynamic settings for alert severities.|
|Label and annotation||You can customize labels and annotations for alerts. You can set a label value to a variable.|
|Group evaluation||You can group query results.|
|Recovery notification||Recovery notifications are supported.|
|Threshold of continuous triggers||You can specify a threshold of continuous triggers to suppress alerts.|
|Monitoring task||You can pause or disable a monitoring task.
If you pause a monitoring task, you can specify a pause period before the monitoring task is resumed.
|Alert management||Alert denoising||Alert deduplication||In a time window, duplicate alerts can be removed. You can also specify the frequency at which alert notifications are sent. For more information, see Deduplicate alerts based on fingerprints.|
|Alert merging||You can add a route consolidation policy. If a large number of alerts are triggered, they are grouped into one or more sets based on the route consolidation policy. The alerts in the same set are merged into one alert. Then, a notification is sent for this alert. For more information, see Merge alerts.|
|Alert suppression||You can add a suppression policy to suppress alert notifications that are generated by specified alerts.|
|Alert silence||You can add a silence policy. During the specified silence period, alerts that meet the specified conditions do not trigger alert notifications.|
|Alert incident||Incident status||You can switch incident statuses. An incident can be in the Confirmed, Resolved, or Ignored state.|
|Incident handler||You can specify one or more handlers for an incident.|
|Auto dispatch||Incidents can be automatically dispatched to specified handlers.|
|Notification management||Action policy||Dynamic dispatch of notification methods||Alert notifications can be dynamically dispatched to specified users, user groups, or on-duty groups of a specified notification method. For more information, see Create an action policy.|
|Alert escalation||You can add a secondary action policy. If an alert remains unresolved or unconfirmed for a long period of time, the alert is escalated and a notification is sent to the specified recipients.|
|Recipient||User||An independent user. For more information, see Create users and user groups.|
|User group||A user group contains multiple users. For more information, see Create users and user groups.|
|On-duty group||You can create an on-duty group for users and user groups. You can schedule rotating shifts based on cycles and business hours. For more information, see Create an on-duty group.|
|Calendar||Holiday||Holidays can be automatically identified. The notification methods during holidays can be automatically adjusted.|
|Night||The specific periods of time at night can be identified. The notification methods during the specified periods of time at night can be automatically adjusted.|
|Internationalization||Holidays in China and the United States can be automatically synchronized.|
|Shift plan||Rotating shift||You can add a rotating shift for multiple users and user groups based on a specified cycle.|
|Substitute shift||You can specify a temporary employee as a substitute during a specified period of time.|
|Holiday||Rotating shifts or substitute shifts can be automatically adjusted during holidays.|
|Custom calendar||You can configure a custom calendar for your on-duty group. You can also reset the calendar.|
|Notification method quota||SMS message quota||Each phone number can receive a maximum of 9,999 SMS messages per day. You can customize the quota.|
|Voice call quota||Each phone number can receive a maximum of 9,999 voice calls per day. You can customize the quota.|
|Email quota||Each email address can receive a maximum of 9,999 emails per day. You can customize the quota.|
|Notification method||SMS message||Alert notifications are sent by using SMS messages.|
|Voice call||Alert notifications are sent by using voice calls.|
|Alert notifications are sent by using emails.|
|DingTalk||Alert notifications are sent by using DingTalk chatbots.|
|Webhook||Alert notifications are sent to a custom webhook URL by calling an HTTP or HTTPS request.
The webhook notification method can be used to extend notification channels, such as Enterprise WeChat, Feishu, and Slack.
|Message Center||Alert notifications are sent by using Message Center.|
|Alert analysis||Alert Center||Report on the running records of alert monitoring rules||A report on the running records of alert monitoring rules allows you to fix errors in an efficient manner.|
|Monitoring Rule Center||The Monitoring Rule Center dashboard displays the running statuses of alert monitoring rules and the statuses of alerts.|
|Alert Link Center||The Alert Link Center dashboard displays the entire pipeline of alerts that are triggered based on the related alert monitoring rules. The pipeline starts from the alert management system and ends at the notification management system.|
|Troubleshooting Center||The Troubleshooting Center dashboard displays the the statistics of errors that occur in the alert monitoring system, alert management system, and notification management system. This allows you to fix errors in an efficient manner.|
|Global storage||The global storage of alert data allows you to view related incidents or logs in an efficient manner.
After you initialize the alerting feature, a project named sls-alert-Alibaba Cloud account ID-region and a Logstore named internal-alert-center-log are automatically created in the selected region. The Logstore is used to store alert data.