All Products
Search

This Product

    Simple Log Service:FAQ about alert notifications

    Document Center

    Simple Log Service:FAQ about alert notifications

    Last Updated:Apr 17, 2024

    This topic provides answers to some frequently asked questions about alert notifications.

    How do I reference log content in alert notifications?

    You can use the labels, annotations, fire_results, or results variable in an alert template to reference log content in alert notifications. For more information, see Reference log content in alert notifications.

    How do I display the query and analysis results that trigger an alert in alert notifications?

    The query and analysis results that trigger the alert are stored in the fire_results variable. You can display the query and analysis results in alert notifications by using the following methods. For more information about the syntax and variables of alert templates, see Syntax for new alert templates and Variables in new alert templates.

    Method

    Description

    Display the results as a JSON string

    {{ alert.fire_results | to_json }}

    Display all fields as formatted data if the fields in the results are known

    {%- for result in alert.fire_results %}
- {{ result.field1 }}
- {{ result.field2 }}
- {{ result['__tag__:_field3_'] }}
{%- endfor %}

    Display all fields as formatted data if the fields in the results are unknown

    {%- for result in alert.fire_results %}
{%- for key, val in result.items() %}
- {{ key }}: {{ val }}
{%- endfor %}
{%- endfor %}

    An alert is triggered for a large number of raw logs, and the query and analysis results fail to be completely displayed in alert notifications. What do I do?

    The length of an alert message is limited. If an alert is triggered for a large number of raw logs, only a part of the query and analysis results is displayed in alert notifications. For example, if you reference the fire_results variable in an alert template and the value of the fire_results variable exceeds 2 KB in length, the excess part is not displayed in alert notifications. If you want to view the complete raw logs, you can reference the query_url variable in the alert template. As a result, a link to the query and analysis page of the Log Service console is provided in alert notifications for you to view the complete raw logs. Examples:

    • You can configure an alert template for the DingTalk method in the following Markdown format: [Query details]({{ alert.query_url }}).

    • You can configure an alert template for the email method in the following HTML format: <a href="{{ alert.query_url }}">Query details</a>.

    How do I format content, format time, process strings, and calculate data for alert templates?

    The new alert templates support built-in functions. You can use the built-in functions to configure the formats and styles of alert notifications. For more information, see Built-in functions in alert templates. If the built-in functions do not meet your requirements, submit a ticket to contact the Log Service technical support.

    What do I do if the "Template render error: xxxx" error occurs?

    The Template render error: xxxx indicates that the content of the alert notifications fails to be rendered because the alert template that you configure is invalid. You can check the alert template against the syntax of alert templates. For more information, see Syntax for new alert templates.

    If the error persists after the check, submit a ticket to contact the Log Service technical support.