You can use Simple Log Service to collect and analyze logs in real time and configure custom alert rules based on your business requirements. When system log traffic exceeds the preset threshold, an alert notification is automatically sent to O&M personnel through different notification methods so that they can respond quickly to unexpected and abnormal traffic. This ensures the stability and security of applications. This topic describes how to configure a traffic protection alert in Simple Log Service after logs are collected.
Prerequisites
Simple Log Service is activated, a Logstore is created, and log collection is complete. For more information, see "Step 1: Activate Simple Log Service" in Getting Started.
The traffic protection feature provided by Microservices Engine (MSE) Microservices Governance is enabled and traffic protection rules are configured.
Traffic protection events are collected to Simple Log Service. For more information, see Report MSE traffic protection events to Simple Log Service.
Procedure
This section provides only the configuration items that you need to focus on. For more information, see Configure an alert monitoring rule in Simple Log Service.
Log on to the Simple Log Service console.
Select the project that you created or used in Report MSE traffic protection events to Simple Log Service.
In the left-side navigation pane, click the icon to go to the Logstores page. Click the Logstore for which you want to configure an alert rule, and click the icon in the upper-right corner.
Add an alert rule query statement.
In the Alert Monitoring Rule panel, click the icon next to Query Statistics and enter the following alert rule query statement in the Query field:
    * | select resource,expType,ruleId,blockNum,time,appName,namespace
Select Simple Log Service Notification for Destination and turn on the Enable switch. Select Simple Mode for Alert Policy, and configure the alert policy.
You can view the created rule in Alert Center.
Configure the content that you want to display after an alert is triggered.
In the left-side navigation pane, click the icon to go to Alert Center. On the Notification Policy tab, click the Alert Template subtab.
On the Alert Template subtab, click Create. In the Add Alert Template dialog box, configure the ID, Name, and Content parameters. The following code shows sample templates.
Display data of the first triggered event.
    - Alert name: {{ alert.alert_name }}
    - Alert severity: {{ alert.severity }}
    - Trigger condition: {{ alert.condition }}
    - Environment: {{ alert.annotations.namespace }}
    - Application: {{ alert.annotations.appName }}
    - Interface: {{ alert.annotations.resource }}
    - Type: {{ alert.annotations.expType }}
    - Hit rule: {{ alert.annotations.ruleId }}
    - QPS for throttling: {{alert.annotations.blockNum}}
    - Hit time: {{ alert.annotations.time }}
    - Details: [[Details]({{ alert.query_url }})]
Display data of all triggered events.
    - Alert name: {{ alert.alert_name }}
    - Alert severity: {{ alert.severity }}
    - Trigger condition: {{ alert.condition }}
    {%- for result in alert.fire_results %}
    - Application: {{ result.appName }}
    - Interface: {{ result.resource }}
    - Type: {{ result.expType }}
    - Hit rule: {{ result.ruleId }}
    - QPS for throttling: {{result.blockNum}}
    - Hit time: {{ result.time }}
    {%- endfor %}
    - Details: [[Details]({{ alert.query_url }})]
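The following Python check is an added example, not part of the original topic or of Simple Log Service tooling. It verifies that every field the two sample templates read is returned by the alert rule query statement, so that a notification is not sent with an empty field after the query or a template is edited. It assumes that each alert.annotations.X value is filled by the alert rule from the query column of the same name and that the select list contains plain column names; the function names are hypothetical.

```python
import re

# Query statement and both alert templates, copied from this topic.
QUERY = "* | select resource,expType,ruleId,blockNum,time,appName,namespace"
FIRST_EVENT = """\
- Alert name: {{ alert.alert_name }}
- Alert severity: {{ alert.severity }}
- Trigger condition: {{ alert.condition }}
- Environment: {{ alert.annotations.namespace }}
- Application: {{ alert.annotations.appName }}
- Interface: {{ alert.annotations.resource }}
- Type: {{ alert.annotations.expType }}
- Hit rule: {{ alert.annotations.ruleId }}
- QPS for throttling: {{alert.annotations.blockNum}}
- Hit time: {{ alert.annotations.time }}
- Details: [[Details]({{ alert.query_url }})]"""
ALL_EVENTS = """\
- Alert name: {{ alert.alert_name }}
- Alert severity: {{ alert.severity }}
- Trigger condition: {{ alert.condition }}
{%- for result in alert.fire_results %}
- Application: {{ result.appName }}
- Interface: {{ result.resource }}
- Type: {{ result.expType }}
- Hit rule: {{ result.ruleId }}
- QPS for throttling: {{result.blockNum}}
- Hit time: {{ result.time }}
{%- endfor %}
- Details: [[Details]({{ alert.query_url }})]"""

def selected_fields(query):
    """Columns named in the select list of a '<search> | select a,b,c' query."""
    m = re.search(r"\|\s*select\s+(.+)$", query, re.IGNORECASE | re.DOTALL)
    return {c.strip() for c in m.group(1).split(",")} if m else set()

def referenced_fields(template):
    """Names read as {{ alert.annotations.X }} or {{ result.X }}."""
    return set(re.findall(r"\{\{\s*(?:alert\.annotations|result)\.(\w+)\s*\}\}", template))

def check(query, template):
    """Return (missing, unused): fields the template reads that the query lacks, and the reverse."""
    sel, ref = selected_fields(query), referenced_fields(template)
    return sorted(ref - sel), sorted(sel - ref)

if __name__ == "__main__":
    for name, tpl in (("first event", FIRST_EVENT), ("all events", ALL_EVENTS)):
        missing, unused = check(QUERY, tpl)
        print(f"{name}: missing={missing} unused={unused}")
```

A non-empty missing list means that the template would render that field blank. A field reported as unused, such as namespace for the all-events template, is selected by the query but never shown in the notification.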