If an alert is triggered based on an alert monitoring rule, Log Service merges, inhibits, or silences the alert based on the alert policy that you create. This topic describes how to create an alert policy.

Procedure

  1. Log on to the Log Service console.
  2. Go to the Alert Policy page.
    1. In the Projects section, click the name of the project that you want to view.
    2. In the left-side navigation pane, click Alerts.
    3. Choose Alert Management > Alert Policy.
  3. On the Alert Policy tab, click Create.
  4. In the Add Policy dialog box, configure the following parameters and click OK.
    Parameter Description
    ID The ID of the alert policy. The ID must be unique.
    Name The name of the alert policy.
    Inheritance The parent alert policy.

    If you select a parent alert policy, Log Service applies the parent alert policy before applying the alert policy that you create. You can configure this parameter to inherit silence policies.

    Route and Merge Policy The policy that is used to merge alerts. If a large number of identical alerts are triggered, you can configure a route consolidation policy to merge these alerts and send only one alert notification for the merged alerts. For more information, see Configure a route consolidation policy.
    Inhibision Policy The policy that is used to inhibit alerts. You can configure a inhibision policy to prevent Log Service from sending notifications for similar alerts. For more information, see Configure a inhibision policy.
    Silence Policy The policy that is used to silence alerts. You can configure a silence policy to prevent Log Service from sending notifications for alerts during the specified silence period. You can also specify the conditions to match the alerts that you want to silence. For more information, see Configure a silence policy.

Configure a route consolidation policy

If a large number of identical alerts are triggered, you can configure a route consolidation policy to merge these alerts and send only one alert notification for the merged alerts. You can specify conditions to match alerts in the Condition widget and specify rules to merge alerts in the Merge Alerts widget.

Configurations

  1. On the Route and Merge Policy tab, click the Condition icon.
  2. Specify conditions to match alerts.
    Condition
  3. Specify rules to merge alerts.
    Merge alerts
    Parameter Description
    Merge by Specify rules to merge alerts. Valid values:
    • Alert ID and All Labels: If you select this option, Log Service merges the alerts that are triggered based on the same alert monitoring rule and have the same labels.
    • Alert ID: If you select this option, Log Service merges the alerts that are triggered based on the same alert monitoring rule.
    • Alert Project: If you select this option, Log Service merges the alerts that belong to the same project.
    • Alert Project and Severity: If you select this option, Log Service merges the alerts that belong to the same project and have the same alert severity.
    • Alert Project and All Labels: If you select this option, Log Service merges the alerts that belong to the same project and have the same labels.
    • Custom: If you select this option, Log Service merges alerts based on the attributes that you specify. The attributes include the IDs of Alibaba Cloud accounts, IDs of alert monitoring rules, and alert titles.
    Action Policy Select an action policy.
    Note You can select an action policy when you merge alerts. You can also select an action policy when you configure an alert monitoring rule.
    • If you select Dynamic Action Policy, the action policy that you select when you configure an alert monitoring rule is used.
    • If you select an action policy other than Dynamic Action Policy, the action policy that you select is used.
    Group Wait Specify the group wait interval. We recommend that you set the unit to Seconds.

    After alerts are grouped, Log Service sends the first alert notification after the group wait interval that you specify.

    Group Interval Specify the group interval. We recommend that you set the unit to Minutes.

    Log Service checks the alert data in a group based on the group interval that you specify.

    Repeat Interval Specify the repeat interval. We recommend that you set the unit to Hours.

    If the alert data in a group does not change, Log Service sends an alert notification after the repeat interval that you specify.

  4. Click the End icon for the Condition and Merge Alerts widgets to complete the configuration.

Configuration example

The following figure shows examples of route consolidation policies. Alerts are matched based on the value of the env label. Matched alerts whose value of the env label is prd are merged based on Alert Project, and an alert notification is sent based on the SLS built-in action policy. Matched alerts whose value of the env label is test are merged based on Alert ID, and an alert notification is sent based on the test action policy.

Examples of route consolidation policies

Configure a inhibision policy

You can configure a inhibision policy to prevent Log Service from sending notifications for similar alerts. You can specify conditions to match alerts in the Condition widget and specify rules to inhibit alerts in the Inhibit Alert widget.

Configurations

  1. On the Inhibision Policy tab, click the Condition icon.
  2. Specify conditions to match alerts.
    Condition 2
  3. Specify rules to inhibit alerts.
    Inhibition rules
  4. Click the End icon for the Condition and Inhibit Alert widgets to complete the configuration.

Configuration example

The following figure shows an example of a suppression policy. Alerts are matched based on the following conditions: The value of Title for the alert matches k8s, the value of Severity is Critical, and the value of Status is Trigger Alert. Matched alerts whose value of the cluster_id label is k8s and Severity is less than Critical are inhibited.

Example of a suppression policy

Configure a silence policy

You can configure a silence policy to prevent Log Service from sending notifications for alerts during the specified silence period. You can also specify the conditions to match the alerts that you want to silence. You can specify conditions to match alerts in the Condition widget and specify rules to silence alerts in the Silence Period widget.

Configurations

  1. On the Silence Policy tab, click the Condition icon.
  2. Specify conditions to match alerts.
    Condition 3
  3. Specify a silence period.
    Silence period
  4. Click the End icon for the Condition and Silence Period widgets to complete the configuration.

Configuration example

The following figure shows examples of silence policies. Alerts are matched based on the following conditions: The value of Severity is Medium, the value of Project contains test-project, and the expired label is true. Matched alerts are silenced for 1 hour. Unmatched alerts that do not have the owner label are silenced permanently.

Examples of silence policies