Simple Log Service provides built-in alert monitoring rules. To monitor a Kubernetes cluster in real time, you need to only configure an alert monitoring rule to generate an alert instance. Then, you can receive alert notifications such as DingTalk messages. This topic describes how to configure alerts.
Prerequisites
An event center is created in K8s Event Center, and Kubernetes cluster events are collected to the event center. For more information, see Create and use an event center.
Background information
K8s Event Center provides the following built-in resources: alert monitoring rules, Container Service for Kubernetes (ACK) action policy, ACK user group, ACK-pod alert template, ACK alert template, ACK-node alert template, and ACK-object alert template. The built-in resources can meet the requirements of most alerting scenarios. Before you use the built-in resources, take note of the following items:
You can specify the ACK action policy in an alert monitoring rule.
You can specify the ACK user group and an alert template in the ACK action policy. The alert template can be an ACK-pod alert template, ACK alert template, ACK-node alert template, or ACK-object alert template.
After an alert is triggered, Simple Log Service sends an alert notification to the specified users based on the action policy.
Step 1: Create a user
Log on to the Log Service console.
In the Log Application section, click the Intelligent O&M tab and click K8s Event Center.
In the left-side navigation pane, click the
icon of the event center that you want to manage. Then, click Alert Configuration. On the Alert Center page, choose .
Create a user.
For more information, see Create users.
Step 2: Add the user to the ACK user group
On the Alert Center page, choose .
In the user group list, click Edit for sls.app.ack.builtin.
In the Edit User Group dialog box, add the user that you create from the Available Members section to the Selected Members section. Then, click OK.
Step 3: Add an alert instance
Simple Log Service provides dozens of built-in alert monitoring rules for K8s Event Center. You need to only configure an alert monitoring rule to generate alert instances based on your business requirements. In the following example, the Cluster Node Ready alert monitoring rule is configured to generate an alert instance.
On the Alert Rules/Incidents tab of the Alert Center page, click SLS K8s Event Center.
In the alert monitoring rule list, find Cluster Node Ready and click Settings in the Actions column.
In the Parameter Settings dialog box, configure the following parameters and click Save and Enable.
Parameter
Description
ACK Cluster ID
If you use an ACK cluster, set this parameter to the ID or name of the cluster.
If you use a self-managed Kubernetes cluster, set this parameter to an arbitrary value.
The cluster is the one that you use when you deploy the eventer and node-problem-detector components. For more information, see Deploy eventer and node-problem-detector components.
Action Policy
Select an action policy for the alert monitoring rule. Simple Log Service sends alert notifications to the specified users based on this action policy.
Default value:
sls.app.ack.builtin, which indicates the ACK action policy. You can also create a custom action policy. For more information, see Create an action policy.Repeat Interval
Specify a period during which notifications for repeated alerts are not sent. During this period, Simple Log Service does not notify you of repeated alerts. Examples: 1d, 2h, and 3m. The value 1d indicates 1 day, the value 2h indicates 2 hours, and the value 3m indicates 3 minutes.
Severity
Specify the severity of an alert.
SendResolved
If you specify Yes for this parameter, a recovery alert is triggered when an alert is cleared.
Trigger Count
Specify the threshold to trigger an alert. If the number of consecutive times that the specified trigger condition is met reaches the value of this parameter, an alert is triggered. The system does not count the number of times when the specified trigger condition is not met.
Click Save and Enable.
What to do next
After you configure the alerts for an event center, you can perform the following operations.
Operation | Description |
Disable an alert instance | If you disable an alert instance, the value in the Status column of the alert instance changes to Not Enabled, and alerts are no longer triggered based on the alert instance. The configurations of the alert monitoring rule are not deleted. If you want to enable the alert instance again, you do not need to reconfigure the parameters of the alert monitoring rule. |
Pause an alert instance | If you pause an alert instance, alerts are not triggered based on the alert instance within a specified period of time. |
Delete an alert instance | If you delete an alert instance, the value in the Status column of the alert instance changes to Not Created. The configurations of the alert monitoring rule are deleted. If you want to enable the alert instance again, you must reconfigure the parameters of the alert monitoring rule. |
Reconfigure an alert instance | You can reconfigure the parameters of an alert instance. |
View | You can view the general information and historical report of an alert. |
Follow | You can add an alert instance to the list that you follow. |
Customize an alert monitoring rule | If a built-in alert monitoring rule does not meet your business requirements, you can click Create Alert to create a custom alert monitoring rule. For more information, see Create an alert monitoring rule for logs. |