Simple Log Service provides built-in alert monitoring rules in CloudLens for SLS. To monitor Simple Log Service in real time, you only need to configure an alert monitoring rule to generate an alert instance. Then, you can receive alert notifications such as DingTalk messages. This topic describes how to configure alerts.
Log collection for important logs, detailed logs, run logs, and audit logs is enabled for a project. For more information, see Enable the log collection feature.
CloudLens for SLS provides alert monitoring rules such as the baseline alert monitoring rule, interval-valued comparison alert monitoring rule, and periodicity-valued comparison alert monitoring rule. You can use the alert monitoring rules to monitor the usage of resources such as projects, Logtail, and consumer groups. CloudLens for SLS supports different notification methods, such as text messages, DingTalk messages, emails, voice calls, and custom webhooks. You can enable an alert monitoring rule based on your business requirements. The following list describes the characteristics of each type of alert monitoring rule:
- Baseline alert monitoring rule: If the value of a metric is greater than or less than the threshold that you specify, an alert is triggered. For example, if the number of times that the project quota is exceeded is greater than 2, an alert is triggered.
- Interval-valued comparison and periodicity-valued comparison alert monitoring rules: If the rate of change between the value within the current time period and the value of a historical time period exceeds or drops below the threshold that you specify, an alert is triggered. For example, if the growth rate of the number of Logtail collection errors on the current day exceeds 20% compared with the number of Logtail collection errors on the previous day, an alert is triggered.
- Log on to the Log Service console.
- In the Log Application section, click the Cloud Service Lens tab. Then, click CloudLens for SLS.
- In the left-side navigation pane, click Anomaly Detection.
- On the Alert Rules/Incidents tab, click the alert monitoring rule that you want to manage and click Settings.
- In the Parameter Settings dialog box, configure the parameters and click Save and Enable.
In this example, the alert monitoring rule Project Service Status Monitoring is used. The following table describes the parameters.
The action policy that you want to use. Simple Log Service sends alert notifications to the specified users based on the specified action policy. Simple Log Service provides a built-in action policy to send alert notifications in CloudLens for SLS.
- If you want to use the built-in alert action policy, click CloudLens for SLS to configure the recipients of alert notifications.
- If you want to use a custom action policy, click Add to create an action policy. For more information, see Create an action policy.
If the ratio of abnormal requests to all requests in a project exceeds the value of this parameter within 5 minutes, a critical-level alert is triggered.
If the ratio of abnormal requests to all requests in a project exceeds the value of this parameter within 5 minutes, a high-level alert is triggered.
The period during which notifications are not sent for repeated alerts. During this period, Simple Log Service does not notify you of repeated alerts. Examples: 1d, 2h, and 3m. The value 1d indicates 1 day, the value 2h indicates 2 hours, and the value 3m indicates 3 minutes.
If you turn on SendResolved, Simple Log Service sends a recovery notification when the monitored object recovers.
The number of consecutive times that a specified trigger condition must be met before an alert is triggered.
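The following added example is not part of the original topic and is not Simple Log Service code. It is a simplified Python model of how the parameters described above can interact: the two ratio thresholds, the consecutive-trigger count, the silence period in the 1d/2h/3m format, and SendResolved, plus the growth rate used by the comparison rules. The names RuleState, parse_period, growth_rate, and run_sample are hypothetical, and the evaluation order (for example, suppressing a severity change inside the silence period) is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

UNITS = {"d": 86400, "h": 3600, "m": 60}

def parse_period(text):
    """Convert a period such as '1d', '2h' or '3m' to seconds."""
    m = re.fullmatch(r"(\d+)([dhm])", text.strip())
    if not m:
        raise ValueError(f"unsupported period: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def growth_rate(current, previous):
    """Rate of change for the comparison rules; None without a baseline."""
    return None if previous == 0 else (current - previous) / previous

@dataclass
class RuleState:  # hypothetical model, not an SLS API object
    critical: float            # ratio above which the alert is critical
    high: float                # ratio above which the alert is high
    consecutive: int           # breaches in a row required before alerting
    silence: str               # repeat-suppression period, e.g. "2h"
    send_resolved: bool = True
    streak: int = 0
    last_sent: Optional[float] = None  # None while no alert is firing

    def evaluate(self, now, abnormal, total):
        """Return 'critical', 'high', 'resolved' or None for one window."""
        ratio = abnormal / total if total else 0.0
        level = ("critical" if ratio > self.critical
                 else "high" if ratio > self.high else None)
        if level is None:
            was_firing = self.last_sent is not None
            self.streak, self.last_sent = 0, None
            return "resolved" if was_firing and self.send_resolved else None
        self.streak += 1
        if self.streak < self.consecutive:
            return None        # condition not yet met often enough
        if self.last_sent is not None and now - self.last_sent < parse_period(self.silence):
            return None        # repeated alert inside the silence period
        self.last_sent = now
        return level

# Constructed sample: (abnormal, total) requests per 5-minute window.
SAMPLE = [(30, 100), (40, 100), (60, 100), (60, 100), (5, 100), (5, 100)]
def run_sample():
    rule = RuleState(critical=0.5, high=0.2, consecutive=2, silence="10m")
    return [rule.evaluate(i * 300, a, t) for i, (a, t) in enumerate(SAMPLE)]
```

In the constructed sample, the first breach is held back by the consecutive-trigger count, the third window is suppressed by the 10-minute silence period, and the recovery window produces a recovery notification.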
What to do next
On the Monitoring Rule page, you can perform the following operations.
- Disable an alert instance: If you disable an alert instance, the status of the alert monitoring rule changes to Not Enabled, which is displayed in the Status column. Alerts are no longer triggered based on the alert monitoring rule. If you disable an alert instance, the parameter configurations of the alert monitoring rule are not deleted. If you want to enable the alert instance again, you do not need to reconfigure the parameters of the alert monitoring rule.
- Pause an alert instance: If you pause an alert instance, alerts are not triggered based on the alert monitoring rule within a specified period of time.
- Resume an alert instance: You can resume a paused alert instance based on your business requirements.
- Delete an alert instance: If you delete an alert instance, the status of the alert monitoring rule changes to Not Created, which is displayed in the Status column. If you delete an alert instance, the parameter configurations of the alert monitoring rule are also deleted. If you want to enable an alert instance again, you must reconfigure the parameters of the alert monitoring rule.