This topic lists the key terms for the alert management system in ARMS.
B
Fill with 0, Fill with 1, Fill with null
For the alert data revision policy, you can select Fill with 0, Fill with 1, or Fill with null (default). This feature is used to correct data anomalies, such as missing data, abnormal compound indicators, and abnormal period-over-period or year-over-year comparisons.
Fill with 0: Sets the value to 0.
Fill with 1: Sets the value to 1.
Fill with null: Prevents an alert from being triggered.
Scenarios:
Anomaly 1: Missing data
User A wants to use the alerting feature to monitor page views. When creating an alert, User A selects a Browser Monitoring alert and sets an alert rule. The rule is configured to trigger an alert if the total number of page views is less than or equal to 10 within a specific period (N=5). If the page is not accessed, no data is reported, and no alert is sent. To resolve this issue, you can select Fill with 0 for the alert data revision policy. This setting treats the absence of data as a value of zero. This condition then meets the alert rule, and an alert is sent.
Anomaly 2: Abnormal compound indicator
User B wants to use the alerting feature to monitor the real-time unit price of a commodity. When creating an alert, User B selects a custom monitoring alert. User B sets the dataset for variable 'a' to the current total price and the dataset for variable 'b' to the current total number of items. The alert rule is configured to trigger an alert if the minimum value of (current total price) / (current total number of items) is less than or equal to 10 within a specific period (N=3). If the current total number of items is 0, the value of the compound indicator (current total price) / (current total number of items) cannot be calculated, and no alert is sent. To resolve this issue, you can select Fill with 0 for the alert data revision policy. This setting treats the value of the compound indicator as 0. This condition then meets the alert rule, and an alert is sent.
Anomaly 3: Abnormal period-over-period or year-over-year comparison
User C wants to use the alerting feature to monitor the CPU usage percentage of a node. When creating an alert, User C selects Application Monitoring and sets an alert rule. The rule is configured to trigger an alert if the average CPU usage percentage of the node decreases by 100% period-over-period within a specific period (N=3). If the CPU of the node fails in the last N minutes, data for the current period cannot be obtained. This means the period-over-period result cannot be calculated, and no alert is sent. To resolve this issue, you can select Fill with 1 for the alert data revision policy. This setting treats the period-over-period result as a 100% decrease. This condition then meets the alert rule, and an alert is sent.
C
Repeat escalation rules
If an alert remains unresolved after an escalation policy has processed all its rules, the escalation process restarts. By default, the escalation repeats once. You can change the number of repetitions to an integer up to 9.
G
Alert
An event that requires a contact to resolve. Alerts are created only for events that are triggered by a notification policy and require resolution.
Alert management system
The complete alert management feature.
Alert card
A chatbot in a DingTalk group sends alerts to the group as a card. Contacts can view, handle, and resolve alerts from the card. You can configure the chatbot for your DingTalk group in the console.
Automatic alert resolution
When all events related to an alert have recovered, the alert is automatically set to Resolved.
Fault
An abnormality in monitoring data that can be caused by business rules. When a monitoring tool detects an abnormality, it generates an event.
H
Period-over-period increase/decrease (%)
Compares data from the last N minutes (β) with data from the period between 2N minutes ago and N minutes ago (α). The data can be an average, sum, maximum, or minimum value.
J
Integration
The process of connecting a monitoring product with the alert management system, typically using APIs. Most monitoring products can be integrated.
L
Contact
An operations and maintenance (O&M) engineer who handles alerts. Contacts can view, handle, and resolve alerts through DingTalk.
R
Claim alert
An operation where a contact takes ownership of an unresolved alert to become its handler.
S
Upgrade timeout
The period after which the alert management system notifies contacts in the escalation policy about unacknowledged or unresolved alerts. The default escalation timeout is 10 minutes. You can set it to any duration up to 90 minutes.
Escalation policy
A set of rules that defines which contacts to notify, and in what order, when an alert is not acknowledged or resolved within the escalation timeout. An escalation policy can be added to a notification policy.
Event
A record sent from an integrated monitoring product to the alert management system. An alert is created for each event unless the event is suppressed.
Event grouping
A feature that consolidates multiple related events into a single alert. This reduces the number of alerts that contacts need to handle and summarizes key information to reduce notification fatigue.
Event silencing
A feature that prevents alerts from being created for specific, unimportant events.
Event deduplication
A process that merges duplicate events sent from an integration into a single event. Only the number of occurrences is counted.
Automatic event recovery
A feature that automatically resolves an event after a specified period. The default automatic recovery period for events is 5 minutes.
T
Hour-over-hour increase/decrease (%)
Compares data from the last N minutes (β) with data from the same N-minute period in the previous hour (α). The data can be an average, sum, maximum, or minimum value.
Day-over-day increase/decrease (%)
Compares data from the last N minutes (β) with data from the same N-minute period on the previous day (α). The data can be an average, sum, maximum, or minimum value.
Notification
A message sent to contacts by the alert management system when an alert is triggered. The notification contains the alert object and title. Notifications can be sent by text message, email, WeChat, DingTalk group, or webhook.
Notification policy
A policy that determines how to consolidate events into alerts and how to notify contacts about assigned alerts. You can configure notifications to be sent by phone call, text message, email, or DingTalk group. This ensures that contacts are notified within one minute about alerts that require resolution or attention.
Y
User
An Alibaba Cloud account or a Resource Access Management (RAM) user. Users can perform the following operations in the ARMS console:
Create, edit, and modify notification policies.
Create, edit, and modify escalation policies.
Create, edit, and modify integrations.
View, handle, and resolve alerts.