If an alert is triggered by an alert monitoring rule, Log Service merges, inhibits, or silences the alert based on the alert policy that is used by the alert monitoring rule. This topic describes how to create an alert policy.

Procedure

  1. Log on to the Log Service console.
  2. Go to the Alert Policy page.
    1. In the Projects section, click the name of the project that you want to view.
    2. In the left-side navigation pane, click Alerts.
    3. Choose Alert Management > Alert Policy.
  3. On the Alert Policy tab, click Create.
  4. In the Add Policy dialog box, configure the following parameters and click OK.
    Parameter Description
    ID The ID of the alert policy. The ID must be unique.
    Name The name of the alert policy.
    Inheritance The parent alert policy.

    If you select a parent alert policy, Log Service executes the parent alert policy before the alert policy that you create. You can configure this parameter to inherit silence policies.

    Route and Merge Policy The policy that is used to merge alerts. You can configure a merge policy to merge a large number of identical alerts that are triggered into an alert set. Log Service considers an alert set as a single alert when Log Service sends alert notifications. For more information, see Route and Merge Policy.
    Inhibision Policy The policy that is used to inhibit alerts. You can configure an inhibition policy to prevent Log Service from sending notifications for alerts that are inhibited due to a specific alert. For more information, see Inhibision Policy.
    Silence Policy The policy that is used to silence alerts. You can configure a silence policy to prevent Log Service from sending notifications for alerts that match specified conditions in a silence period. For more information, see Silence Policy.

Route and Merge Policy

You can configure a merge policy to merge a large number of identical alerts that are triggered into an alert set. You can specify conditions to match alerts in the Condition node and configure rules to merge alerts in the Merge Alerts node.

Configuration description

  1. On the Route and Merge Policy tab, click the Condition icon.
  2. Specify conditions to match alerts.
    Condition
  3. Configure rules to merge alerts.
    Merge Alerts
    Parameter Description
    Merge by Select a standard based on which Log Service merges alerts. Valid values:
    • Alert ID and All Labels: If you select this option, Log Service merges the alerts that are triggered by the same alert monitoring rule and have the same labels into an alert set.
    • Alert ID: If you select this option, Log Service merges the alerts that are triggered by the same alert monitoring rule into an alert set.
    • Alert Project: If you select this option, Log Service merges the alerts that belong to the same project into an alert set.
    • Alert Project and Severity: If you select this option, Log Service merges the alerts that belong to the same project and have the same alert severity into an alert set.
    • Alert Project and All Labels: If you select this option, Log Service merges the alerts that belong to the same project and have the same labels into an alert set.
    • Custom: If you select this option, Log Service merges alerts based on the attributes that you specify. The attributes include the IDs of Alibaba Cloud accounts, IDs of alert monitoring rules, and alert titles.
    Action Policy Select the action policy that you want to use.
    Note You can specify an action policy when you create a merge policy. You can also specify an action policy when you create an alert monitoring rule.
    • If you select Dynamic Action Policy, the action policy that you specify when you create an alert monitoring rule is used.
    • If you select an action policy other than Dynamic Action Policy, the action policy that you select is used.
    Group Wait Specify the interval after which Log Service sends an alert notification if the first alert set is created. We recommend that you set the unit to Seconds.
    Group Interval Specify the interval after which Log Service sends an alert notification if the data in an alert set is modified. We recommend that you set the unit to Minutes.
    Repeat Interval Specify the interval after which Log Service sends an alert notification if the data in an alert set remains the same. We recommend that you set the unit to Hours.
  4. Click the End icon for the Condition and Merge Alerts nodes to complete the configuration.

Configuration example

The following figure shows a merge policy. If alerts have an env label of prd, the alerts are merged by the projects to which the alerts belong, and the SLS built-in action policy is executed. If alerts have an env label of test, the alerts are merged by the alert monitoring rules that trigger the alerts, and the test action policy is executed.

Example of a merge policy

Inhibision Policy

You can configure an inhibition policy to prevent Log Service from sending notifications for alerts that are inhibited due to a specific alert. You can specify conditions to match alerts in the Condition node and configure rules to inhibit alerts in the Inhibit Alert node.

Configuration description

  1. On the Inhibision Policy tab, click the Condition icon.
  2. Specify conditions to match alerts.
    Condition 2
  3. Configure rules to inhibit alerts.
    Inhibit Alert
  4. Click the End icon for the Condition and Inhibit Alert nodes to complete the configuration.

Configuration example

The following figure shows an inhibition policy. If an alert has a title of k8s, a severity of Critical, and a status of Trigger Alert, related alerts that have a cluster_id label of k8s and a severity lower than Critical are inhibited.

Example of an inhibition policy

Silence Policy

You can configure a silence policy to prevent Log Service from sending notifications for alerts that match specified conditions in a silence period. You can specify conditions to match alerts in the Condition node and specify a silence period in the Silence Period node.

Configuration description

  1. On the Silence Policy tab, click the Condition icon.
  2. Specify conditions to match alerts.
    Condition 3
  3. Specify a silence period.
    Silence Period
  4. Click the End icon for the Condition and Silence Period nodes to complete the configuration.

Configuration example

The following figure shows a silence policy. If alerts have a severity of Medium and an expired label of true and the alert monitoring rule belongs to a project whose name contains test-project, the alerts are silenced for 1 hour. If alerts do not match the conditions and do not have an owner label, the alerts are permanently silenced.

Example of a silence policy

What to do next

  • Delete a node

    Right-click the node that you want to delete and select Delete Node.

    Delete a node
  • Add a node

    In this example, add a node to a merge policy.

    Note If you have added the End node, you must delete the End node before you can add nodes such as Condition and Merge Alerts.
    • Click the Condition icon to add a Condition node.
    • Click the Merge Alerts icon to add a Merge Alerts node.
    • Click the End icon to add an End node.
    Alert policy