This topic describes the data structure of alert resource data.

Background information

Alert resource data includes users, user groups, on-duty groups, webhook integration, alert policies, action policies, alert templates, and other custom resource data. The alert policies include merge, inhibition, and silence policies.

Resource data is classified into two categories: resource and record. For example, a user is a resource, and each piece of user information is a record.

Category Attribute Description
Resource resource_name The name of a resource. For example, the resource name of a user is sls.common.user.
Record id The unique ID of a record. Data type: string.
tag The tag of a record. Data type: string.
value The complete value of a record. Data type: JSON string.

Data structure of alert resource data

Resource type resource_name field record_id field record_tag field Example Remarks
User sls.common.user user_id user_name
{
    "user_id": "alex",
    "user_name": "Alex",
    "email": [
        "***@example.com"
    ],
    "country_code": "86",
    "phone": "133********3333",
    "enabled": true,
    "sms_enabled": true,
    "voice_enabled": true
}
None.
User group sls.common.user_group user_group_id user_group_name
{
    "user_group_id": "devops",
    "user_group_name": "DevOps Team",
    "enabled": true,
    "members": [
        "alex"
    ]
}
None.
On-duty group sls.alert.oncall_group oncall_id oncall_name
{
    "oncall_id": "default_oncall",
    "oncall_name": "Default Oncall",
    "enabled": true,
    "overrides": [],
    "rotations": [
        {
            "targets": [
                {
                    "type": "user",
                    "target_id": "alex"
                },
                {
                    "type": "user_group",
                    "target_id": "devops"
                }
            ],
            "end_time": 0,
            "shift_day": "",
            "shift_time": "12:00",
            "shift_type": "day",
            "start_time": 1633017600,
            "shift_minute": 0,
            "end_time_type": "none",
            "shift_interval": 1,
            "shift_week_custom": null,
            "restriction_date_type": "workday",
            "restriction_time_type": "allday",
            "restriction_week_range": null,
            "restriction_time_custom_range": null
        }
    ],
    "calendar_id": "default_calendar"
}
This configuration is complex. We recommend that you complete the configuration in the Log Service console.
Webhook integration sls.alert.action_webhook id name
{
    "id": "custom-webhook",
    "name": "Custom Webhook",
    "type": "custom",
    "url": "http://localhost:9099/data/webhook",
    "method": "POST",
    "headers": [
        {
            "key": "Content-Type",
            "value": "application/json"
        },
        {
            "key": "Foo",
            "value": "bar"
        }
    ]
}
{
    "id": "dingtalk",
    "name": "Dingtalk Webhook",
    "type": "dingtalk",
    "url": "https://oapi.dingtalk.com/robot/send?access_token=**********",
    "method": "POST",
    "secret": "SEC**********",
    "headers": []
}
  • Set type to the type of the webhook. Valid values:
    • dingtalk: DingTalk webhook
    • wechat: Enterprise WeChat webhook
    • lark: Lark webhook
    • slack: Slack webhook
    • custom: custom webhook
  • For all the types except custom, set method to POST and headers to an empty array.
  • If you set type to dingtalk and select Additional Signature for Security Settings when you create a DingTalk chatbot or if you set type to lark and select Set signature verification for Security settings when you create a Lark bot, you must add the secret field.

    You can obtain the value of the secret field on the chatbot management page of DingTalk or the bot management page of Lark.

Alert policy sls.alert.alert_policy policy_id policy_name
{
    "policy_id": "sls.builtin",
    "policy_name": "SLS Builtin Alert Policy",
    "parent_id": "sls.root",
    "is_default": false,
    "group_script": "fire(action_policy=\"sls.builtin\", group={\"project\": \"__a__\", \"uid\": alert.aliuid}, group_wait=\"5s\", group_interval=\"2m\", repeat_interval=\"2m\")\nstop()\nfire(action_policy=\"sls.builtin\", group={\"alert_id\": alert.alert_id}, group_wait=\"5s\", group_interval=\"10s\", repeat_interval=\"2m\")\nif alert.labels.name ~= \"^\\\\w+s$\":\n\tfire(action_policy=\"sls.builtin\", group={\"product\": \"xxs\"}, group_wait=\"5s\", group_interval=\"10s\", repeat_interval=\"2m\")\n\tstop()\nstop()\nfire(action_policy=\"sls.builtin\", group={\"label_name\": alert.labels.name}, group_wait=\"10s\", group_interval=\"10s\", repeat_interval=\"2m\")",
    "inhibit_script": "if alert.severity >= 8:\n    silence alert.severity < 6",
    "silence_script": ""
}
  • Set is_default to false.
  • Set group_script to a merge policy.
  • Set inhibit_script to an inhibition policy.
  • Set silence_script to a silence policy.
  • If you use an SDK to perform the configuration, group_script, inhibit_script, and silence_script include only domain-specific language (DSL) script information and do not include UI configuration information. Therefore, you cannot view the graphical structure of the alert policy in the Log Service console.
Action policy sls.alert.action_policy action_policy_id action_policy_name
{
    "action_policy_id": "sls.builtin",
    "action_policy_name": "SLS Builtin Action Policy",
    "labels": {},
    "is_default": false,
    "primary_policy_script": "fire(type=\"webhook_integration\", integration_type=\"dingtalk\", webhook_id=\"dingtalk-test\", template_id=\"default-template\", period=\"any\")",
    "secondary_policy_script": "fire(type=\"voice\", users=[\"jizhi\"], groups=[\"group-jizhi\"], template_id=\"default-template\")",
    "escalation_start_enabled": false,
    "escalation_start_timeout": "10s",
    "escalation_inprogress_enabled": false,
    "escalation_inprogress_timeout": "10s",
    "escalation_enabled": false,
    "escalation_timeout": "4h0m0s"
}
  • Set is_default to false.
  • Set labels to an empty object. labels is a reserved parameter.
  • Set primary_policy_script to a primary action policy.
  • Set secondary_policy_script to a secondary action policy.
  • Set escalation_* to determine whether to enable a secondary action policy. For more information, see the configuration items in the Log Service console.
  • If you use an SDK to perform the configuration, primary_policy_script and secondary_policy_script include only DSL script information and do not include UI configuration information. Therefore, you cannot view the graphical structure of the action policy in the Log Service console.
Alert template sls.alert.content_template template_id template_name
{
    "template_id": "default-template",
    "template_name": "Default Template",
    "is_default": false,
    "templates": {
        "fc": {
            "limit": 0,
            "locale": "zh-CN",
            "content": "",
            "send_type": "merged"
        },
        "sms": {
            "locale": "zh-CN",
            "content": ""
        },
        "lark": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "email": {
            "locale": "zh-CN",
            "content": "",
            "subject": "SLS alert test-jizhi-test"
        },
        "slack": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "voice": {
            "locale": "zh-CN",
            "content": ""
        },
        "wechat": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "webhook": {
            "limit": 0,
            "locale": "zh-CN",
            "content": "",
            "send_type": "batch"
        },
        "dingtalk": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "event_bridge": {
            "locale": "zh-CN",
            "content": "",
            "subject": "wkb-test"
        },
        "message_center": {
            "locale": "zh-CN",
            "content": ""
        }
    }
}
  • Set is_default to false.
  • Set templates to the alert templates for each notification method that you want to use. If content is empty for a notification method, the default alert template is used for the notification method. For more information, see Default alert templates.
  • Set locale to zh-CN or en-US.
  • For the webhook and fc notification methods, set send_type to single or batch. The value single indicates that Log Service sends notifications for each alert. The value batch indicates that Log Service merges alerts into an alert set and sends only one notification for the alert set.
Default calendar sls.common.calendar calendar_id calendar_name
{
    "calendar_id": "default_calendar",
    "calendar_name": "Default Calendar",
    "timezone": "Asia/Shanghai",
    "workdays": [
        1,
        2,
        3,
        4,
        5
    ],
    "worktime": [
        {
            "end_time": "21:00",
            "start_time": "09:00"
        }
    ],
    "reset_days": [],
    "holiday_sync": "china"
}
  • Set the ID of the default calendar to default_calendar.
  • This configuration is complex. We recommend that you complete the configuration in the Log Service console.
Notification quota sls.alert.channel_quota id Empty string
{
    "id": "default",
    "quota_script": "if user in [\"jizhi\"]:\n    set_limit(sms=5, voice=5, email=5)\nset_limit(sms=100, voice=100, email=100)"
}
  • Set id to default.
  • We recommend that you complete the configuration in the Log Service console.
  • If you use an SDK to perform the configuration, quota_script includes only DSL script information and does not include UI configuration information. Therefore, you cannot view the graphical structure of the notification quota in the Log Service console.

Descriptions of DSL syntax

This section provides DSL configuration examples.

Notice DSL configuration is complex. We recommend that you complete the configuration in the Log Service console and then view data below Payload for requests on the Network tab.
Configure a merge policy
  • Configuration in the Log Service consoleAlert policy
  • DSL configuration
    if alert.severity >= 8:
        fire(action_policy="sls.builtin", group={"alert.project": alert.project, "alert.alert_id": alert.alert_id}, group_by_all_labels=true, group_wait="15s", group_interval="5m", repeat_interval="1h")
        stop()
    fire(action_policy="sls.builtin", group={"alert.project": alert.project}, group_by_all_labels=false, group_wait="15s", group_interval="5m", repeat_interval="1h")

    DSL configuration description:

    • if alert.severity >= 8 specifies a condition node.
    • fire( ) specifies a merge node.
      • action_policy specifies the ID of the action policy.
      • group specifies the standard based on which Log Service merges alerts. Data type: dictionary.
      • group_by_all_labels specifies whether to merge alerts based on all labels. Valid values: true and false.
      • group_wait specifies the interval after which Log Service sends an alert notification if the first alert set is created.
      • group_interval specifies the interval after which Log Service sends an alert notification if the data in an alert set is modified.
      • repeat_interval specifies the interval after which Log Service sends an alert notification if the data in an alert set remains the same.
    • stop() specifies the end node.
Configure an inhibition policy
  • Configuration in the Log Service consoleAlert policy
  • DSL configuration
    if alert.severity >= 8:
        silence alert.severity < 8
        stop()
    DSL configuration description:
    • if alert.severity >= 8 specifies a condition node.
    • silence alert.severity < 8 specifies an inhibition node.
    • stop() specifies the end node.
Configure a silence policy
  • Configuration in the Log Service consoleAlert policy
  • DSL configuration
    drop(end=1638189177) alert.alert_name == "test-alert"
    accept alert.labels.env == "prod"
    DSL configuration description:
    • drop specifies that alerts are silenced.
    • accept specifies that alerts are not silenced.
    • start and end specify the time range during which alerts are silenced. The values are UNIX timestamps. Unit: seconds.
      • Specific time range: You must configure start and end.
      • Before a point in time: You need to only configure end.
      • Time range: You need to only configure end.
      • Continuous: You do not need to configure start or end.
Configure an action policy
  • Configuration in the Log Service consoleAction policy
  • DSL configuration
    if alert.severity >= 8:
        fire(type="sms", users=[], groups=[], oncall_groups=["alert-test-oncall"], template_id="sls.builtin.cn", check_quota="true", period="any")
        stop()
    if alerts.severity < 8:
        fire(type="webhook_integration", integration_type="dingtalk", webhook_id="jizhi-test", template_id="sls.builtin.cn", period="any")
        stop()
    Notice
    • if alert.xxx specifies that an action policy is executed if any alert meets the conditions.
    • if alerts.xxx specifies that an action policy is executed only if all alerts meet the conditions.
The following figure and code provide a configuration example of an action policy. The configuration for each notification method is provided.
  • Configuration in the Log Service consoleAction policy
  • DSL configuration
    fire(type="sms", users=["jizhi"], groups=[], oncall_groups=[], template_id="sls.builtin.cn", check_quota="true", period="workday")
    fire(type="voice", users=[], groups=[], oncall_groups=["alert-test-oncall"], template_id="sls.builtin.cn", check_quota="true", period="worktime")
    fire(type="email", users=[], groups=["alert-test"], oncall_groups=[], template_id="sls.builtin.cn", check_quota="true", period="any")
    fire(type="webhook_integration", integration_type="dingtalk", webhook_id="jizhi-test", template_id="sls.builtin.cn", period="any")
    fire(type="webhook_integration", integration_type="wechat", webhook_id="wechat-test", template_id="sls.builtin.cn", period="any")
    fire(type="message_center", template_id="sls.builtin.cn", check_quota="true", period="any")
    fire(type="event_bridge", region="cn-hangzhou", bus_name="bus-demo", template_id="sls.builtin.cn", period="any")
    fire(type="fc", region="cn-shanghai", service="jizhi-test", qualifier="LATEST", function="sls-ops-1", template_id="sls.builtin.cn", period="any")
    fire(type="set_ticket_owner", choice="random", users=[], groups=[], oncall_groups=["alert-test-oncall"])

    DSL configuration description:

    fire() specifies a notification method. For more information, see Notification methods.

Configure notification quotas
  • Configuration in the Log Service consoleNotification quota
  • DSL configuration
    if alert.user == "jizhi":
        set_limit(sms=1000, voice=1000, email=1000)
    set_limit(sms=100, voice=100, email=100)
    DSL configuration description:
    • if alert.user == "jizhi" specifies a condition node.
    • set_limit( ) specifies the notification quota for each notification method.