Log Service allows you to use CloudMonitor to set alarm rules. An alarm SMS or email is sent when the service status meets the configured alarm rules. Configure the alarm rules to monitor Log Service in the CloudMonitor console. Then, you can monitor the log collection status of Logtail, shard usage status, and write traffic of projects.

Procedure

On the CloudMonitor console, click xCloudMonitor console >  Log Serviceclick Alarm Rules at the right of the Logstore.  Then, click Create Alarm Rule in the upper-right corner.

  1. Configure the related resource.
    1. From the Products drop-down list,  select Log Service.
    2. Select the resource range.

      You can select All Resources, Application Group, or projectDimensions.

      • All Resources – An alarm notification is sent when any instance in Log Service meets the alarm rules.
      • Application Group - An alarm notification is sent when any instance in an application group meets the alarm rules.
      • projectDimensions - An alarm notification is sent only when the selected instances meet the alarm rules.
    3. Select the region.
    4. Select one or more Projectand Logstore. You can select one or more projects and logstores.
    Figure 1. Associated resources


  2. Set the alarm rules.

    You can set one or more alarm rules.

    1. Enter the alarm rule name.
    2. Configure the rule description.

      Define your monitoring policy here by selecting the monitoring item and configuring the threshold for the monitoring item.  CloudMonitor sends an alarm notification when the threshold is exceeded.

      For more information about the description of each monitoring item, see Log Service monitoring metrics. For more information about the statistical method, see Monitor Log Service.

    3. Select thealarm_type.  By default, Any alarm_type is selected.
    4. Set the mute time , which is the time interval between two alarm notifications if the condition that triggers the alarm is still abnormal after an alarm notification is sent.
    5. Select a number from the Triggered when threshold is exceeded for drop-down list.  The alarm is triggered after the threshold is exceeded for the selected number of times successively, that is, the alarm is triggered after the alarm detection results meet your configured rule description for the selected number of times successively.
    6. Select the effective period  for your monitoring policy.The monitoring alarm policy only works within the selected period.
    Figure 2. Set alarm rules


  3. Configure the notification method.
    1. Notification contact. Send a notification in the contact group level.
    2. Alarm level. Select Warningor Info as per your needs. Different levels have different notification methods.
    3. Notification subject and remark By default, the notification subject is the product name + monitoring item name + instance ID.
    4. HTTP callback. Enter a URL that can be accessed by the Internet. CloudMonitor pushes the alarm notification to this address by using the POST request. Currently, only HTTP protocol is supported.
    Figure 3. Notification Method


Click Confirm after the configurations to complete the configuration of monitoring policy.

Example

Monitor log collection status of Logtail

Errors may occur because of incorrect configurations when Logtail is running. For example, some log formats do not match or a log file is repetitively collected.  For more information, see Basic questions of Logtail. To find such errors in time, you can monitor the metrics such as lines failed to be resolved and number of errors on Logtail.

The monitoring rule configuration is as follows:

Enter the alarm rule name and configure the rule description. Select Lines failed to be resolved or Number of errors as needed. Configure the rule items such as statistical period and method.  You can also set alarm rules based on other errors of Logtail. Then, you can find the log collection errors in time.

The following figure shows that an alarm is triggered when the number of lines failed to be resolved within five minutes is greater than one. The monitoring lasts 24 hours.
Figure 4. Monitor logtail log collection status


Monitor shard usage status

Each shard in a Logstore provides the write capability of 5 MB/s (500 times per second),  which is sufficient in most cases. When the capability limit is exceeded, Log Service attempts to serve (rather than deny) your requests, but does not guarantee the availability of data that exceeds the limit during peak hours. You can detect this situation by setting an alarm rule on Logstore outbound and inbound traffic. If your data volume is large and needs more shards, adjust the number of shards in the console in time. 

Use the following solutions to set an alarm rule on Logstore traffic.

Solution 1: Set an alarm rule on traffic

Enter the alarm rule name. Select Size of Raw Data.  Configure the statistical period and method. For example, to trigger the alarm when 100 GB/5 minutes is exceeded, set the rule description to 5 mins, Total, >=, and 102400, which means the alarm is triggered if the total traffic within five minutes exceeds 102400 MB.
Figure 5. Set up traffic alert


Solution 2: Set an alarm rule on service status

Enter the alarm rule name. Select Service Status. Configure the statistical period and method.  For example, to trigger the alarm when 403 service status occurs more than once within five minutes, set the rule description to 5 mins, Number of, >=, and 1, and enter 403 in the status field.
Figure 6. Set service status alarm


Monitor write traffic of projects

By default, each project provides the write capability of 30 GB/min (the size of raw data), which is used to protect you from generating large amounts of logs because of program errors.  In most cases, this write capability is sufficient. The capability limit may be exceeded if your log volume is large. Open a ticket to increase the value.

Configure the monitoring policy of project quota as described in the following figure.

This example indicates that an alarm notification is sent when the write traffic within five minutes is greater than 150 GB.
Figure 7. Monitors write traffic for Project