This topic describes how to create an alert rule in the Log Service console. You can create an alert rule on the search and analysis page or in a dashboard of a project in the Log Service console. After an alert rule is created, Log Service sends alert notifications if the trigger condition in the alert rule is met.
- Log data is collected.
- The index feature is enabled and configured. For more information, see Enable and configure the index feature for a Logstore.
- Create an alert rule for a query statement
After you create an alert rule for a query statement, the chart that plots the query result is automatically created in a specified dashboard. Therefore, when you create an alert rule for query statement, you must specify a dashboard and name the chart.
- Create an alert rule for existing charts
When you create an alert rule for existing charts, you can specify one or more charts with which the alert rule is associated. You can then specify a conditional expression for each chart and combine them into the trigger condition of the alert rule.
For more information, see Alert configuration examples.
This section uses an example to describe how to create an alert rule. In this example, the alert rule is created for existing charts.
- Log on to the Log Service console.
- In the Projects section, click a project name.
- In the left-side navigation bar, click the icon.
- In the Dashboard pane, click a dashboard.
- In the upper-right corner of the page that appears, choose .
- In the Alert Configuration step, set the parameters and click Next.The following table describes the parameters.
Parameter Description Alert Name The name of the alert rule. The name must be 1 to 64 characters in length. Associated Chart The charts with which the alert rule is associated.
The number before the chart name is the serial number of the chart. The serial number of the chart is valid within the alert rule. You can use the serial number to specify the chart in the trigger condition.
You can click the icon next to the Query field to modify the query statement.The Search Period parameter specifies the time range of each query. You can select either a relative time range or a time frame. For example, a query is performed at 14:30:06.
- If you set Search Period to 15 Minutes(Relative), the time range of the query is 14:15:06 to 14:30:06.
- If you set Search Period to 15 Minutes(Time Frame), the time range of the query is 14:15:00 to 14:30:00.
Frequency The interval at which Log Service evaluates the alert rule.Note During an alert rule evaluation, if a query returns more than 100 log entries, Log Service checks only the first 100 log entries. Trigger Condition The condition that is required to trigger an alert. Log Service triggers an alert if the trigger condition is met. For example, you can set the trigger condition to
pv%100 > 0 && uv > 0.Note In a trigger condition, you can use $serialNumber to specify a chart. For example, $0 indicates chart 0. For more information, see How can I view the serial number of a chart?
Notification Trigger Threshold The accumulated number of alert rule evaluations in which the trigger condition is met before alert notifications are sent.
The default value is 1. It means that alert notifications are immediately sent if the trigger condition is met in an alert rule evaluation.
You can set the Notification Trigger Threshold parameter to an integer greater than 1. In this case, alert notifications are sent only if the accumulated number of alert rule evaluations in which the trigger condition is met exceeds the value. For example, you can set Notification Trigger Threshold to 100. Then, alert notifications are sent if the following two requirements are satisfied: The trigger condition is met in 100 alert rule evaluations and the interval between the current time and the last time when alert notifications are sent exceeds the minimum interval (Notification Interval). After alert notifications are sent, Log Service resets the accumulated number to zero. An alert rule evaluation is not counted if a query in the evaluation fails. A query may fail due to exceptions such as network disconnection.
Notification Interval The interval at which Log Service sends alert notifications.
If the trigger condition is met in an alert rule evaluation, Log Service checks the following items: the accumulated number of alert rule evaluations in which the trigger condition is met and the interval between the current time and the last time when alert notifications are sent. Alert notifications are sent only if the accumulated number exceeds the threshold (Notification Trigger Threshold) and the interval exceeds the minimum (Notification Interval). If you set the Notification Interval parameter to 5 minutes, alert notifications are set at a minimum interval of five minutes.Note You can use the Notification Trigger Threshold and Notification Interval parameters to prevent excessive alert notifications.
- In the Notifications step, configure notification methods and click Submit.Available notification methods include emails, DingTalk chatbot webhooks, custom webhooks, and Alibaba Cloud Message Center. To configure a notification method, you can select a notification method, click Add, and then set the parameters. You can configure one or more notification methods. You can also click Import Notification Configurations to inherit the notification methods of an existing alert rule. For more information, see Configure a notification method.
How can I view the serial number of a chart?