You can create a log monitoring metric and create an alert rule for the metric. You can also modify and delete a metric.

Prerequisites

Create a log monitoring metric

  1. Log on to the CloudMonitor console.
  2. In the left-side navigation pane, click Log Monitoring.
  3. On the Log Monitoring page, click Create Log Monitoring Metric.
  4. In the Associate Resource step, set the parameters and click Next. The following table describes the parameters.
    Parameter: Description
    Region: The region in which the Log Service project resides.
    Project: The name of the Log Service project.
    Logstore: The name of the Log Service Logstore.
  5. In the Define Metric step, set the parameters and click Next. The following table describes the parameters.
    Parameter: Description
    Metric Name: The name of the metric.
    Unit: The unit of the metric.
    Computing Cycle: The statistical period of the metric. Unit: minutes. Valid values: 1, 2, 3, 4, 5, 10, 15, 20, 30, and 60.
    Statistical Method: The function that is used to aggregate log data within a statistical period. If the value of the specified field is a numeric value, you can use all statistical methods. Otherwise, you can use only the Count and countps methods to aggregate log data. Valid values:
    • Count: calculates the number of values of the specified field within a statistical period.
    • Sum: calculates the sum of the values of the specified field within the last minute.
    • Max: calculates the maximum value of the specified field within a statistical period.
    • Min: calculates the minimum value of the specified field within a statistical period.
    • Average: calculates the average of the values of the specified field within a statistical period.
    • countps: calculates the number of values of the specified field divided by the total number of seconds within a statistical period.
    • sumps: calculates the sum of the values of the specified field divided by the total number of seconds within a statistical period.
    • distinct: calculates the number of unique values of the specified field within a statistical period.
    Extended Field: Performs basic operations on calculation results. For example, after you set the Statistical Method parameter to aggregate log data, you specify a field as TotalNumber to calculate the total number of HTTP requests. At the same time, you specify another field as 5xxNumber to calculate the number of HTTP requests whose status code is greater than 499. In this case, you can specify an extended field to calculate the server error rate by using the following formula: 5xxNumber/TotalNumber × 100%.
    Log Filter: Filters log data. This parameter is equivalent to the WHERE clause in SQL. For example, if you want to monitor logs in which the value of the level field is ERROR, set the parameter to level>=ERROR.

    The name of the log field that you use to filter data cannot contain Chinese characters.

    Group-By: The dimension based on which data is aggregated. This parameter is equivalent to the GROUP BY clause in SQL.

    Log data is grouped by the specified dimension. If you do not specify a dimension, all data is aggregated based on the specified aggregate function.

    For more information, see GROUP BY clause.

    Select SQL: Converts the statistical methods that you specify to an SQL statement. This parameter indicates how data is processed.
    Application Group: The name of the application group. The metric is added to the specified application group.
  6. In the Configure Alert Rule step, set the parameters and click Next. The following table describes the parameters.
    Parameter: Description
    Alert Rule: Enter a name for the alert rule.
    Rule Description: The condition that triggers alerts. If the metric meets the specified condition, an alert is triggered.
    Alert Level: The alert notification method. Valid value:

    Email + WebHook

    Triggered when threshold is exceeded for: The number of consecutive times that the threshold value is exceeded. If the number of times exceeds the limit that you specify, the alert contacts in the contact group receive alert notifications. Valid values: 1, 3, 5, 10, 15, and 30.
    Mute For: The interval at which CloudMonitor sends alert notifications until the alert that is triggered based on the alert rule is cleared. Valid values: 5 min, 10 min, 15 min, 30 min, 60 min, 3 h, 6 h, 12 h, and 24 h.

    If the threshold value is exceeded, CloudMonitor sends an alert notification. If the threshold value is exceeded again within the mute period, CloudMonitor does not resend an alert notification. If the alert is not cleared after the mute period ends, CloudMonitor resends an alert notification.

    Effective Time: The period during which the alert rule is effective. CloudMonitor monitors the specified resources based on the alert rule only within the specified period.
    Alert Callback: The callback URL that can be accessed over the Internet. CloudMonitor sends a POST or GET request to push an alert notification to the callback URL that you specify. Only HTTP requests are supported. For information about how to configure alert callback, see Use the alert callback feature to send notifications about threshold-triggered alerts.
  7. In the Creation Result step, click Close.
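
The metric and alert-rule settings from steps 5 and 6, modelled offline as an added example (not CloudMonitor's own code): it computes the 5xxNumber/TotalNumber error rate per computing cycle from constructed log entries, then applies the consecutive-exceedance count and the mute period. The function names, the sample data, the 10% threshold, and the reading that an alert fires once the streak reaches the configured count are assumptions.

```python
from collections import defaultdict

# Constructed sample data (not real Logstore output): 10 requests per minute for
# 13 minutes; in the listed minutes half of the requests return HTTP 503.
ERROR_MINUTES = {1, 3, 4, 5, 6, 7, 8, 9, 10, 12}
SAMPLE_LOGS = [(m, 503 if m in ERROR_MINUTES and i < 5 else 200)
               for m in range(13) for i in range(10)]


def error_rate_per_cycle(logs, cycle_minutes=1):
    """Model of Define Metric: Count per Computing Cycle, then the Extended
    Field 5xxNumber / TotalNumber * 100. Returns {cycle_start_minute: percent}."""
    total, errors = defaultdict(int), defaultdict(int)
    for minute, status in logs:
        cycle = minute // cycle_minutes * cycle_minutes
        total[cycle] += 1            # TotalNumber
        if status > 499:             # 5xxNumber: status code greater than 499
            errors[cycle] += 1
    return {c: 100.0 * errors[c] / total[c] for c in sorted(total)}


def notifications(rates, threshold, consecutive, mute_minutes):
    """Model of Configure Alert Rule. Assumption: the alert fires once the
    threshold has been exceeded in `consecutive` cycles in a row; it is
    re-sent only after `mute_minutes` if it has not cleared in between."""
    sent, streak, last_sent = [], 0, None
    for minute, rate in sorted(rates.items()):
        if rate > threshold:
            streak += 1
        else:
            streak, last_sent = 0, None   # alert cleared: mute no longer applies
        muted = last_sent is not None and minute - last_sent < mute_minutes
        if streak >= consecutive and not muted:
            sent.append(minute)
            last_sent = minute
    return sent


if __name__ == "__main__":
    rates = error_rate_per_cycle(SAMPLE_LOGS)
    # 3 consecutive cycles, Mute For 5 min: the single spike at minute 1 is ignored.
    print(notifications(rates, threshold=10, consecutive=3, mute_minutes=5))
    # 1 cycle, Mute For 5 min: every spike notifies, repeats are suppressed.
    print(notifications(rates, threshold=10, consecutive=1, mute_minutes=5))
```

Comparing the two runs shows the trade-off between the settings: a higher consecutive count drops short spikes entirely, while the mute period only spaces out repeat notifications for an alert that stays active.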

Modify a log monitoring metric

  1. Log on to the CloudMonitor console.
  2. In the left-side navigation pane, click Log Monitoring.
  3. On the Log Monitoring page, find the metric that you want to modify and click the Modify icon in the Actions column.
  4. In the Associate Resource step, set the parameters and click Next. The following table describes the parameters.
    Parameter: Description
    Region: The region in which the Log Service project resides.
    Project: The name of the Log Service project.
    Logstore: The name of the Log Service Logstore.
  5. In the Define Metric step, set the parameters and click Next. The following table describes the parameters.
    Parameter: Description
    Unit: The unit of the metric.
    Computing Cycle: The statistical period of the metric. Unit: minutes. Valid values: 1, 2, 3, 4, 5, 10, 15, 20, 30, and 60.
    Statistical Method: The function that is used to aggregate log data within a statistical period. If the value of the specified field is a numeric value, you can use all statistical methods. Otherwise, you can use only the Count and countps methods to aggregate log data. Valid values:
    • Count: calculates the number of values of the specified field within a statistical period.
    • Sum: calculates the sum of the values of the specified field within the last minute.
    • Max: calculates the maximum value of the specified field within a statistical period.
    • Min: calculates the minimum value of the specified field within a statistical period.
    • Average: calculates the average of the values of the specified field within a statistical period.
    • countps: calculates the number of values of the specified field divided by the total number of seconds within a statistical period.
    • sumps: calculates the sum of the values of the specified field divided by the total number of seconds within a statistical period.
    • distinct: calculates the number of unique values of the specified field within a statistical period.
    Extended Field: Performs basic operations on calculation results. For example, after you set the Statistical Method parameter to aggregate log data, you specify a field as TotalNumber to calculate the total number of HTTP requests. At the same time, you specify another field as 5xxNumber to calculate the number of HTTP requests whose status code is greater than 499. In this case, you can specify an extended field to calculate the server error rate by using the following formula: 5xxNumber/TotalNumber × 100%.
    Log Filter: Filters log data. This parameter is equivalent to the WHERE clause in SQL. For example, if you want to monitor logs in which the value of the level field is ERROR, set the parameter to level>=ERROR.

    The name of the log field that you use to filter data cannot contain Chinese characters.

    Group-by: The dimension based on which data is aggregated. This parameter is equivalent to the GROUP BY clause in SQL.

    Log data is grouped by the specified dimension. If you do not specify a dimension, all data is aggregated based on the specified aggregate function.

    For more information, see GROUP BY clause.

    Select SQL: Converts the statistical methods that you specify to an SQL statement. This parameter indicates how data is processed.
    Application Group: The name of the application group. The metric is added to the specified application group.
  6. In the Configure Alert Rule step, set the parameters and click Next. The following table describes the parameters.
    Parameter: Description
    Alert Rule: Enter a name for the alert rule.
    Rule Description: The condition that triggers alerts. If the metric meets the specified condition, an alert is triggered.
    Alert Level: The alert notification method. Valid value:

    Email + WebHook

    Triggered when threshold is exceeded for: The number of consecutive times that the threshold value is exceeded. If the number of times exceeds the limit that you specify, the alert contacts in the contact group receive alert notifications. Valid values: 1, 3, 5, 10, 15, and 30.
    Mute For: The interval at which CloudMonitor sends alert notifications until the alert that is triggered based on the alert rule is cleared. Valid values: 5 min, 10 min, 15 min, 30 min, 60 min, 3 h, 6 h, 12 h, and 24 h.

    If the threshold value is exceeded, CloudMonitor sends an alert notification. If the threshold value is exceeded again within the mute period, CloudMonitor does not resend an alert notification. If the alert is not cleared after the mute period ends, CloudMonitor resends an alert notification.

    Effective Time: The period during which the alert rule is effective. CloudMonitor monitors the specified resources based on the alert rule only within the specified period.
    Alert Callback: The callback URL that can be accessed over the Internet. CloudMonitor sends a POST or GET request to push an alert notification to the callback URL that you specify. Only HTTP requests are supported. For information about how to configure alert callback, see Use the alert callback feature to send notifications about threshold-triggered alerts.
  7. In the Creation Result step, click Close.

Delete one or more log monitoring metrics

  1. Log on to the CloudMonitor console.
  2. In the left-side navigation pane, click Log Monitoring.
  3. Delete one or more metrics.
    • Delete a single metric
      1. Find the metric that you want to delete and click the Delete icon in the Actions column.
      2. In the Confirm Delete message, click Confirm.
    • Delete multiple metrics at a time
      1. Select the metrics that you want to delete and click Delete in the lower-left corner of the page.
      2. In the Confirm Delete message, click Confirm.