This topic describes the data structure of an alert rule.
Alert
Field | Type | Required | Description |
name | String | Yes | The ID of the alert rule. The ID is displayed in the URL of the rule. |
displayName | String | Yes | The name of the alert rule. The name is displayed in the alert list. |
status | String | No | The status of the alert rule. Valid values:
|
type | String | Yes | Set the value to Alert. |
description | String | No | The compatibility field. Set the value to an empty string. |
schedule | Schedule | Yes | The check frequency-related settings. For more information, see Schedule. |
configuration | Configuration | Yes | The detailed settings of the alert rule. For more information, see Configuration. |
Schedule
Field | Type | Required | Description |
type | String | Yes | The type of the check frequency. Log Service checks query and analysis results based on the frequency that you specify. Valid values:
|
interval | String | No | The fixed interval. Examples: 5m and 1h. If you set type to FixedRate, you must configure interval. |
cronExpression | String | No | The cron expression, which can specify an interval accurate to the minute. The cron expression is based on the 24-hour clock. For example, If you set type to Cron, you must configure cronExpression. |
dayOfWeek | Integer | No | The day of the week. Valid values: 0 to 6, which specify Sunday to Saturday. If you set type to Weekly, you must configure dayOfWeek. |
hour | Integer | No | The hour. Valid values: 0 to 23, which specify each hour in a day. If you set type to Weekly or Daily, you must configure hour. |
runImmediately | Boolean | No | Specifies whether to run the alert rule immediately after the rule is created. |
Configuration
Field | Type | Required | Description |
version | String | Yes | Set the value to 2.0. |
type | String | Yes | Set the value to default. |
dashboard | String | No | The alert history dashboard. Recommended value: internal-alert-analysis. |
queryList | AlertQuery | Yes | The list of query statements. |
groupConfiguration | GroupConfiguration | Yes | The settings of group evaluation. For more information, see GroupConfiguration. |
joinConfigurations | []JoinConfiguration | No | The settings of set operations. For more information, see JoinConfiguration.
|
severityConfigurations | []SeverityConfiguration | Yes | The trigger condition. You must specify at least one trigger condition. For more information, see SeverityConfigurations. |
labels | []Tag | No | The label. For more information, see Tag. |
annotations | []Tag | No | The annotation. For more information, see Tag. |
autoAnnotation | Boolean | Yes | Specifies whether to allow the system to automatically add annotations.
|
sendResolved | Boolean | No | Specifies whether to trigger a recovery alert when an alert is cleared.
|
threshold | Integer | Yes | The threshold based on which an alert is triggered. If the number of consecutive times that the specified trigger condition is met reaches the specified threshold, an alert is triggered. The system does not count the number of times when the specified trigger condition is not met. |
noDataFire | Boolean | No | Specifies whether to trigger an alert when the condition for no data is met.
|
noDataSeverity | Integer | No | The severity level of an alert that is triggered when the condition for no data is met. For more information, see Alert severities. |
policyConfiguration | PolicyConfiguration | Yes | The settings of the alert policy. For more information, see PolicyConfiguration. |
tags | []String | No | The type of the custom alert rule. Note This field is supported in Log Service SDK for Java V0.6.74 and later. |
AlertQuery
Field | Type | Required | Description |
storeType | String | Yes | The type of the data source for the query. Valid values:
|
region | String | Yes | The region of the project in which the query is performed.
|
project | String | Yes | The project in which the query is performed.
|
store | String | Yes | The Logstore, Metricstore, or resource data on which the query is performed.
|
roleArn | String | No | The Alibaba Cloud Resource Name (ARN) of the RAM role that is required to access data. For more information, see Configure authorization for data monitoring across projects. |
query | String | Yes | The query statement.
|
timeSpanType | String | No | The type of time. For more information, see Time ranges of query statements. If you set storeType to log or metric, you must configure timeSpanType. |
start | String | No | The start time. If you set storeType to log or metric, you must configure start. |
end | String | No | The end time. If you set storeType to log or metric, you must configure end. |
powerSqlMode | String | No | Specifies whether to enable Dedicated SQL. Valid values:
|
GroupConfiguration
Field | Type | Required | Description |
type | String | Yes | The type of group evaluation. Valid values:
|
fields | []String | No | The field based on which query and analysis results are grouped. If you set type to custom, you must configure fields. |
JoinConfiguration
Field | Type | Required | Description |
type | String | Yes | The type of the set operation. Valid values:
|
condition | String | No | If you set type to inner_join, left_join, right_join, full_join, left_exclude, or right_exclude, you must configure condition. Example: |
SeverityConfiguration
Field | Type | Required | Description |
severity | Integer | Yes | The severity level of an alert. For more information, see Alert severities. |
evalCondition | ConditionConfiguration | No | The trigger condition. For more information, see Specify evaluate expressions. |
evalCondition.condition | String | Yes | The expression that is used to match data.
|
evalCondition.countCondition | String | Yes | The expression that is used to match the number of data entries.
|
Tag
Field | Type | Required | Description |
key | String | Yes | The name of the field. |
value | String | Yes | The value of the field. |
PolicyConfiguration
Field | Type | Required | Description |
alertPolicyId | String | Yes | The ID of the alert policy.
|
actionPolicyId | String | Yes | The ID of the action policy. In advanced mode, if the alert policy does not use a dynamic action policy, set actionPolicyId to an empty string. |
repeatInterval | String | Yes | The repeat interval. Examples: 5m and 1h. |
useDefault | Boolean | Yes | The compatibility field. Set the value to false. |
Reference data
Alert severities
Alert severity | Description |
Critical | 10 |
High | 8 |
Medium | 6 |
Low | 4 |
Report | 2 |
Time ranges of query statements
timeSpanType | start | end | Description |
Custom | -15m | absolute | A 15-minute period of the Time Frame type. |
Custom | -100s | -20s | A period of the Relative type that starts at the previous 100 seconds and ends at the previous 20 seconds. |
Custom | -60s | now | A 60-second period of the Relative type. |
Custom | -120m | Empty string | A 120-minute period of the Relative type. |
Relative | -100s | -20s | A period of the Relative type that starts at the previous 100 seconds and ends at the previous 20 seconds. |
Relative | -60s | now | A 60-second period of the Relative type. |
Relative | -120m | Empty string | A 120-minute period of the Relative type. |
Truncated | -15m | Arbitrary | A 15-minute period of the Time Frame type. |
Today | Arbitrary | Arbitrary | A period that starts from 00:00 on the current day and ends at the current time. |
Yesterday | Arbitrary | Arbitrary | A period that starts from 00:00 on the previous day and ends at 00:00 on the current day. |