ALIYUN::SLS::Alert is used to create an alert rule.

Syntax

{
  "Type": "ALIYUN::SLS::Alert",
  "Properties": {
    "Project": String,
    "Detail": Map
  }
}

Properties

PropertyTypeRequiredEditableDescriptionConstraint
ProjectStringYesNoThe name of the project. None.
DetailMapYesYesDetails of the alert rule. For more information, see Detail properties.

Detail syntax

"Detail": {
  "Type": String,
  "Description": String,
  "Configuration": Map,
  "State": String,
  "Schedule": Map,
  "DisplayName": String,
  "Name": String
}

Detail properties

PropertyTypeRequiredEditableDescriptionConstraint
TypeStringNoNoThe type of the alert rule. None.
DescriptionStringNoYesThe description of the alert rule. None.
ConfigurationMapYesYesThe configurations of the alert rule. For more information, see Configuration properties.
StateStringNoNoSpecifies whether to enable the alert rule. Valid values:
  • Enable
  • Disabled
ScheduleMapYesYesThe time interval at which Log Service evaluates the alert rule. If more than 100 log entries are returned when Log Service evaluates the alert rule, only the first 100 log entries are checked.

For more information, see Schedule properties.

DisplayNameStringYesYesThe display name of the alert rule. The name must be 1 to 64 characters in length.
NameStringYesNoThe name of the alert rule. None.

Configuration syntax

"Configuration": {
  "Throttling": String,
  "Condition": String,
  "NotificationList": List,
  "NotifyThreshold": Integer,
  "Dashboard": String,
  "QueryList": List,
  "Type": String,
  "GroupConfiguration": Map,
  "NoDataFire": Boolean,
  "Threshold": Integer,
  "SeverityConfigurations": List,
  "Labels": List,
  "AutoAnnotation": Boolean,
  "PolicyConfiguration": Map,
  "SendResolved": Boolean,
  "NoDataSeverity": Integer,
  "Annotations": List,
  "MuteUntil": Integer,
  "JoinConfigurations": List,
  "Version": String
}

Configuration properties

PropertyTypeRequiredEditableDescriptionConstraint
ThrottlingStringNoYesThe time interval at which Log Service sends alert notifications. None.
ConditionStringNoYesThe trigger condition. The following arithmetic operators are supported: addition (+), subtraction (-), multiplication (*), division (/), and modulo (%). The following comparison operators are supported: greater-than (>), greater-than-or-equal-to (>=), less-than (<), less-than-or-equal-to (<=), equal-to (==), not-equal-to (!=), match (=~), and not-match (!~).

For more information, see Syntax of trigger conditions in alert rules.

NotificationListListNoYesThe list of alert notifications. For more information, see NotificationList properties.
NotifyThresholdIntegerNoYesThe threshold based on which alert notifications are triggered. None.
DashboardStringYesYesThe dashboard with which the alert rule is associated. None.
QueryListListYesYesThe list of query statements. For more information, see QueryList properties.
TypeStringNoYesThe type of the alert rule. Set the value to default.
GroupConfigurationMapNoYesThe configurations of group evaluation. For more information, see GroupConfiguration properties.
NoDataFireBooleanNoYesSpecifies whether to enable the no-data alert feature. Default value: false. Valid values:
  • true: enables the no-data alert feature.

    If you set this property to true, an alert is triggered when the number of times that no data is returned for a query and analysis result exceeds the value of the Threshold property.

    Note If multiple query and analysis results exist, an alert is triggered when the number of times that no data is returned for a set operation on the query and analysis results exceeds the value of the Threshold property.

    For more information, see No-data alert.

  • false: disables the no-data alert feature.
ThresholdIntegerNoYesThe threshold based on which an alert is triggered. If the number of consecutive times that the trigger condition is met reaches the specified threshold, an alert is triggered. The system does not count the number of times when the trigger condition is not met.
SeverityConfigurationsListNoYesThe trigger condition. You must specify at least one trigger condition. For more information, see SeverityConfigurations properties.
LabelsListNoYesThe labels of the alert rule. For more information, see Labels properties.
AutoAnnotationBooleanNoYesSpecifies whether to allow the system to automatically add annotations to the alert rule. Default value: true. Valid values:
  • true: allows the system to automatically add annotations such as __count__ to the alert rule.

    For more information, see Auto-Add switch.

  • false: does not allow the system to automatically add annotations to the alert rule.
PolicyConfigurationMapNoYesThe configurations of the alert policy. For more information, see PolicyConfiguration properties.
SendResolvedBooleanNoYesSpecifies whether to send a recovery notification when an alert is cleared. Default value: false. Valid values:
  • true: sends a recovery notification when an alert is cleared.

    For more information, see Recovery notifications.

  • false: does not send a recovery notification when an alert is cleared.
NoDataSeverityIntegerNoYesThe severity level of a no-data alert. For more information, see Alert severities.
AnnotationsListNoYesThe annotations of the alert rule. For more information, see Annotations properties.
MuteUntilIntegerNoYesThe threshold based on which an alert is triggered. None.
JoinConfigurationsListNoYesThe configurations of set operations. For more information, see JoinConfigurations properties.
  • If you specify only one query statement in the QueryList property, you do not need to specify the JoinConfigurations property.
  • If you specify two or three query statements in the QueryList property, you must specify the JoinConfigurations property to associate the query and analysis results.

    For more information, see Multi-set operations.

VersionStringNoYesThe version of the alert rule. Set the value to 2.0.

NotificationList syntax

"NotificationList": [
  {
    "Type": String,
    "MobileList": List,
    "ServiceUri": String,
    "Content": String,
    "EmailList": List,
    "Method": String,
    "Headers": Map
  }
]

NotificationList properties

PropertyTypeRequiredEditableDescriptionConstraint
TypeStringYesNoThe method that is used to send alert notifications. Valid values:
  • Email: email
  • MessageCenter: Message Center
  • DingTalk: DingTalk chatbot webhook
  • Webhook: custom webhook
ContentStringNoNoThe content of the alert notification. You can use the following template variables in the content: ${Project}, ${Condition}, ${AlertName}, ${AlertID}, ${Dashboard}, ${FireTime}, and ${Results}.

For more information, see Configure notification methods.

MobileListListNoNoThe list of mobile numbers.

A mobile number can receive up to 50 text messages every day.

ServiceUriStringNoNoThe URL of the request. This property is required if you set the Type property to Webhook or DingTalk.
EmailListListNoNoThe list of email addresses. This property is required if you set the Type property to Email.

An email address can receive up to 100 emails every day.

MethodStringNoNoThe request method. None.
HeadersMapNoNoDetails of the request header. None.

QueryList syntax

"QueryList": [
  {
    "Query": String,
    "LogStore": String,
    "Start": String,
    "TimeSpanType": String,
    "End": String,
    "ChartTitle": String,
    "DashboardId": String,
    "Region": String,
    "RoleArn": String,
    "StoreType": String,
    "PowerSqlMode": String,
    "Project": String,
    "Store": String
  }
]

QueryList properties

PropertyTypeRequiredEditableDescriptionConstraint
QueryStringYesNoThe query statement. None.
LogStoreStringNoNoThe Logstore. None.
StartStringYesNoThe beginning of the time range to query. None.
TimeSpanTypeStringYesNoThe time range to query. None.
EndStringYesNoThe end of the time range to query. None.
ChartTitleStringNoNoThe title of the chart. None.
DashboardIdStringNoNoThe ID of the dashboard with which the alert rule is associated. None.
RegionStringNoNoThe region of the project. None.
RoleArnStringNoNoThe Alibaba Cloud Resource Name (ARN) of the RAM role that is required to access data. For more information, see Configure access control policies.
StoreTypeStringNoNoThe type of the data source. Valid values:
  • log: Logstore data
  • metric: Metricstore data
  • meta: resource data
PowerSqlModeStringNoNoSpecifies whether to allow the system to enable Dedicated SQL. Valid values:
  • auto: The system automatically enables or disables Dedicated SQL.
  • enable: The system enables Dedicated SQL.
  • disable: The system disables Dedicated SQL.
ProjectStringNoNoThe project with which the query statement is associated. None.
StoreStringNoNoThe Logstore, Metricstore, or resource data with which the query statement is associated. None.

Schedule syntax

"Schedule": {
  "Type": String,
  "Interval": String,
  "Hour": Integer,
  "DayOfWeek": Integer,
  "CronExpression": String,
  "Delay": Integer,
  "RunImmediately": Boolean
}

Schedule properties

PropertyTypeRequiredEditableDescriptionConstraint
TypeStringYesYesThe type of the schedule based on which the alert rule is triggered. Valid values:
  • Hourly: The alert rule is triggered on an hourly basis.
  • Daily: The alert rule is triggered on a daily basis.
  • Weekly: The alert rule is triggered on a weekly basis.
  • FixedRate: The alert rule is triggered on a regular basis.
  • Cron: The alert rule is triggered based on the CRON expression.
IntervalStringNoYesThe time interval at which the alert rule is triggered on a regular basis. This property is required if you set the Type property to FixedRate.

Valid values:

  • 10d: The alert rule is triggered every 10 days.
  • 10h: The alert rule is triggered every 10 hours.
  • 10m: The alert rule is triggered every 10 minutes.
HourIntegerNoYesThe hour of the day when the alert rule is triggered. This property is required if you set the Type property to Daily or Weekly.

Valid values: 0 to 23.

DayOfWeekIntegerNoYesThe day of the week when the alert rule is triggered. This property is required if you set the Type property to Weekly.

Valid values: 1 to 7.

CronExpressionStringNoYesThe CRON expression based on which the alert rule is triggered. This property is required if you set the Type property to Cron.
RunImmediatelyBooleanNoYesSpecifies whether to immediately trigger the alert rule. Valid values:
  • true
  • false
DelayIntegerNoYesSpecifies whether to delay the triggering of the alert rule. None.

SeverityConfigurations syntax

"SeverityConfigurations": {
  "EvalCondition": Map,
  "Severity": Integer
}

SeverityConfigurations properties

PropertyTypeRequiredEditableDescriptionConstraint
EvalConditionMapNoNoThe trigger condition. For more information, see EvalCondition properties.
SeverityIntegerYesNoThe severity level of the alert. For more information, see Data structure of an alert monitoring rule.

EvalCondition syntax

"EvalCondition": {
 "Condition": String,
 "CountCondition": String
}

EvalCondition properties

PropertyTypeRequiredEditableDescriptionConstraint
ConditionStringNoNoThe expression that is used to match data.
  • If you do not need to match data, set the value to an empty string.
  • In other scenarios, set the value to an expression. Example: errCnt > 10.
CountConditionStringNoNoThe expression that is used to match the number of data entries.
  • If you want the expression to be matched when data exists, set the value to an empty string.
  • In other scenarios, set the value to an expression. Example: __count__ > 3.

Labels syntax

"Labels": [{
  "Value": String,
  "Key": String
}]

Labels properties

PropertyTypeRequiredEditableDescriptionConstraint
ValueStringYesNoThe value of the field. None.
KeyStringYesNoThe key of the field. None.

GroupConfiguration syntax

"GroupConfiguration": {
   "Type": String,
   "Fields": List
}

GroupConfiguration properties

PropertyTypeRequiredEditableDescriptionConstraint
TypeStringYesNoThe type of group evaluation. Valid values:
  • no_group: Query and analysis results are not grouped.
  • custom: Query and analysis results are grouped based on the custom field that you specify.
  • labels_auto: Query and analysis results are automatically grouped based on the labels that you specify. The value is supported only for time series data.
FieldsListNoNoThe fields based on which group evaluation is performed. None.

Annotations syntax

"Annotations": [{
  "Value": String,
  "Key": String
}]

Annotations properties

PropertyTypeRequiredEditableDescriptionConstraint
KeyStringYesNoThe key of the field. None.
ValueStringYesNoThe value of the field. None.

JoinConfigurations syntax

"JoinConfigurations": {
   "Type": String,
   "Condition": String
}

JoinConfigurations properties

PropertyTypeRequiredEditableDescriptionConstraint
ConditionStringNoNoThe conditional expression. This property is required if you set the Type property to cross_join, concat, or no_join. Example: $0.host == $1.ip.
TypeStringYesNoThe type of the set operation. Valid values:
  • cross_join: Cartesian product.
  • inner_join: inner join.
  • left_join: left join
  • right_join: right join.
  • full_join: full join.
  • left_exclude: left exclusion.
  • right_exclude: right exclusion.
  • concat: concatenation. The system traverses each dataset in sequence.
  • no_join: no join. The system uses only the first dataset.

PolicyConfiguration syntax

"PolicyConfiguration": {
  "RepeatInterval": String,
  "ActionPolicyId": String,
  "AlertPolicyId": String,
  "UseDefault": Boolean
}

PolicyConfiguration properties

PropertyTypeRequiredEditableDescriptionConstraint
RepeatIntervalStringNoNoThe repeat interval. None.
ActionPolicyIdStringNoNoThe ID of the action policy. In advanced mode, if the alert policy does not use a dynamic action policy, set the value to an empty string.
AlertPolicyIdStringNoNoThe ID of the alert policy.
  • In simple or standard mode, set the value to sls.builtin.dynamic. The value specifies a built-in dynamic alert policy.
  • In advanced mode, set the value to the ID of an alert policy that you want to use.
UseDefaultBooleanNoNoThe compatibility field. Set the value to false.

Return values

Fn::GetAtt

Name: the name of the alert rule.

Examples

  • YAMLformat

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      Project:
        Type: String
        Description: >-
          Project name:
    
          1. Only supports lowercase letters, numbers, hyphens (-) and underscores
          (_).
    
          2. Must start and end with lowercase letters and numbers.
    
          3. The name length is 3-63 characters.
        AllowedPattern: '^[a-zA-Z0-9_-] $'
        MinLength: 3
        MaxLength: 63
      Detail:
        Type: Json
        Description: ''
    Resources:
      Alert:
        Type: 'ALIYUN::SLS::Alert'
        Properties:
          Project:
            Ref: Project
          Detail:
            Ref: Detail
    Outputs:
      Name:
        Description: Alert name.
        Value:
          'Fn::GetAtt':
            - Alert
            - Name
  • JSONformat

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "Project": {
          "Type": "String",
          "Description": "Project name:\n1. Only supports lowercase letters, numbers, hyphens (-) and underscores (_).\n2. Must start and end with lowercase letters and numbers.\n3. The name length is 3-63 characters.",
          "AllowedPattern": "^[a-zA-Z0-9_-] $",
          "MinLength": 3,
          "MaxLength": 63
        },
        "Detail": {
          "Type": "Json",
          "Description": ""
        }
      },
      "Resources": {
        "Alert": {
          "Type": "ALIYUN::SLS::Alert",
          "Properties": {
            "Project": {
              "Ref": "Project"
            },
            "Detail": {
              "Ref": "Detail"
            }
          }
        }
      },
      "Outputs": {
        "Name": {
          "Description": "Alert name.",
          "Value": {
            "Fn::GetAtt": [
              "Alert",
              "Name"
            ]
          }
        }
      }
    }