Use the log monitoring feature to monitor business logs and configure alert rules - CloudMonitor

This topic describes how to analyze logs that are collected by Log Service and configure an alert rule for the logs.

Prerequisites

On-premises logs are collected and stored in Log Service. For more information, see Log Service.

Procedure

Optional. Grant CloudMonitor the permissions to access Log Service.
The first time you use the log monitoring feature, you must grant CloudMonitor the permissions to access Log Service.
1. Log on to the CloudMonitor console.
2. In the left-side navigation pane, click Log Monitoring.
3. In the Service-linked Role for CloudMonitor dialog box, click OK.

Create a log monitoring metric.

In the upper-left corner of the Log Monitoring page, click Create Log Monitoring Metric.
In the Associate Resource step, select the resources that you want to associate and click Next.

In the Define Metric step, set the parameters and click Next.

The following table describes the parameters.


Parameter	Description
Metric Name	The name of the metric.
Unit	The unit of the metric.
Computing Cycle	The statistical period of the metric. Unit: minutes. Valid values: 1, 2, 3, 4, 5, 10, 15, 20, 30, and 60.
Statistical Method	The function that is used to aggregate the log data of a statistical period. If the value of the specified field is a numeric value, you can use all statistical methods. Otherwise, you can use only the Count and countps methods to aggregate data. Valid values: Count: calculates the number of values of the specified field within a statistical period. Sum: calculates the sum of the values of the specified field within the last minute. Max: calculates the maximum value of the specified field within a statistical period. Min: calculates the minimum value of the specified field within a statistical period. Average: calculates the average of the values of the specified field within a statistical period. countps: calculates the number of values of the specified field divided by the total number of seconds of a statistical period. sumps: calculates the sum of the values of the specified field divided by the total number of seconds of a statistical period. distinct: calculates the number of unique values of the specified field within a statistical period.
Extended Field	Performs basic operations on calculation results. For example, after you set the Statistical Method parameter to aggregate log data, you specify a field as TotalNumber to calculate the total number of HTTP requests. At the same time, you specify another field as 5xxNumber to calculate the number of HTTP requests whose status code is greater than 499. In this case, you can specify an extended field to calculate the server error rate by using the following formula: 5XXNumber/TotalNumber × 100%.
Log Filter	Filters log data. This parameter is equivalent to the WHERE clause in SQL. For example, if you want to monitor logs in which the value of the level field is ERROR, set the parameter to `level=Error`. The name of the log field that you want to use to filter data cannot contain Chinese characters.
Group-by	The dimension based on which data is aggregated. This parameter is equivalent to the GROUP BY clause in SQL. Log data is grouped by specified dimension. If you do not specify a dimension, all data is aggregated based on the specified aggregate function. For more information, see GROUP BY clause.
Select SQL	Converts the statistical methods that you specify to an SQL statement. This parameter indicates how data is processed.
Application Group	The name of the application group. The metric is added to the specified application group.

In the Define Metric step, click Preview to preview the aggregated log data of the last minute by using the specified statistical methods. Only the most recent 100 logs of the last minute are analyzed. The following figure shows a sample preview result.

In the Configure Alert Rule step, set the parameters and click Next.
In the Creation Result step, click Close.

View the monitoring data of the metric.
After you create the log monitoring metric, wait for 3 to 5 minutes. On the Log Monitoring page, find the metric whose monitoring chart you want to view and click the icon in the Actions column.
View the alert notifications that are sent for the metric.
If the metric meets the specified condition in the alert rule, CloudMonitor sends an alert notification.