New Relic是一个基于云计算的可观测平台,旨在帮助您更好地构建应用。您可以通过New Relic整合数据、分析数据及快速响应事件。您只需在New Relic控制台上配置通知渠道为日志服务开放告警接口的URL,即可将New Relic告警消息发送到日志服务告警系统中,由日志服务告警系统完成告警降噪、通知等处理。

New Relic配置

  1. 登录New Relic管理控制台。
  2. 配置通知渠道。
    1. 在顶部导航栏,选择Alerts & AI > Notification channels
    2. 单击New notification channel
    3. 配置如下参数。
      参数 说明
      Select a channel type 通知渠道类型,选择Webhook
      Channel name 通知渠道名称。
      Base Url 配置为您在日志服务中创建开放告警服务和应用后生成的接口信息(完整URL)。如何获取,请参见获取接口信息
      Use Custom Payload 定义告警消息的内容,New Relic将根据此配置生成告警消息内容。关于New Relic提供的告警消息变量的更多信息,请参见New Relic官方文档

      您需要将Payload中的内容替换为如下内容。其中,除labels字段和annotations字段之外的所有字段必须按照示例进行配置。其余未被使用的New Relic变量,您可以根据需求添加到labels字段或annotations字段中。

      {
        "alert_instance_id": "$INCIDENT_ID",
        "alert_name": "$POLICY_NAME",
        "status": "$EVENT_STATE",
        "alert_time": "$TIMESTAMP",
        "fire_time": "$TIMESTAMP",
        "fire_result": "$TARGETS",
        "resolve_time": "$TIMESTAMP",
        "labels": {
            "metadata": "$METADATA"
        },
        "annotations": {
            "desc": "$EVENT_DETAILS",
            "__account_id__": "$ACCOUNT_ID",
            "__account_name__": "$ACCOUNT_NAME",
            "__link_incident_acknowledge_url__": "$INCIDENT_ACKNOWLEDGE_URL",
            "__link_policy_url__": "$POLICY_URL",
            "__link_runbook_url__": "$RUNBOOK_URL",
            "__link_violation_callback_url__": "$VIOLATION_CALLBACK_URL",
            "__link_violation_chart_url__": "$VIOLATION_CHART_URL",
            "closed_violations_count_critical": "$CLOSED_VIOLATIONS_COUNT_CRITICAL",
            "closed_violations_count_warning": "$CLOSED_VIOLATIONS_COUNT_WARNING",
            "condition_description": "$DESCRIPTION",
            "condition_id": "$CONDITION_ID",
            "condition_name": "$CONDITION_NAME",
            "duration": "$DURATION",
            "event_type": "$EVENT_TYPE",
            "open_violations_count_critical": "$OPEN_VIOLATIONS_COUNT_CRITICAL",
            "open_violations_count_warning": "$OPEN_VIOLATIONS_COUNT_WARNING",
            "owner": "$EVENT_OWNER",
            "timestamp_utc_string": "$TIMESTAMP_UTC_STRING"    
        },
        "severity": "$SEVERITY",
        "drill_down_query": "$INCIDENT_URL"
      }
  3. 应用通知渠道。
    1. 在顶部导航栏,选择Alerts & AI > Policies
    2. 在告警规则列表中,单击目标告警规则。
    3. Notification channel页签中,单击Add notification channels
    4. 选择您已创建的通知渠道。

New Relic告警消息

New Relic告警消息内容示例如下:

{
    "alert_instance_id": 123456,
    "alert_name": "wkbTest",
    "alert_time": 1629445629043,
    "fire_time": 1629445629043,
     "fire_results":
    [
        {
            "id": "Metric",
            "name": "cn-hangzhou_ecs.s6-c1m4.xlarge_123456789",
            "link": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
            "labels":
            {
                "entity.id": "123456789",
                "host.instanceType": "ecs.s6-c1m4.xlarge",
                "regionId": "cn-hangzhou"
            },
            "product": "NRQL",
            "type": "Query"
        }
    ],
    "resolve_time": 1629445629043,
    "status": "open",
    "labels":
    {
        "metadata":
        {
            "evaluation_system_source": "Willamette"
        }
    },
    "annotations":
    {
        "owner": "",
        "open_violations_count_critical": 1,
        "closed_violations_count_critical": 0,
        "__link_policy_url__": "https://alerts.newrelic.com/accounts/123456/policies/123456",
        "__link_violation_chart_url__": "https://gorgon.nr-assets.net/image/1a2b3c4d-1234-abcd-1a2b-1a2b3c4d?config.legend.enabled=false",
        "condition_id": 123456,
        "duration": 476,
        "open_violations_count_warning": 0,
        "__account_name__": "Account 123456",
        "event_type": "INCIDENT",
        "__link_runbook_url__": null,
        "__link_violation_callback_url__": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
        "timestamp_utc_string": "2021-08-20, 07:47 UTC",
        "__account_id__": 123456,
        "condition_description": "this is cond0",
        "__link_incident_acknowledge_url__": "https://alerts.newrelic.com/accounts/123456/incidents/123456/acknowledge",
        "closed_violations_count_warning": 0,
        "condition_name": "cond0",
        "desc": "Metric query result is > 0.0 on 'cond0'"
    },
    "severity": "CRITICAL",
    "drill_down_query": "https://alerts.newrelic.com/accounts/123456/incidents/123456",
    
}

告警消息映射

New Relic告警消息被接入到日志服务后,映射为日志服务告警内容。示例如下:

{
    "aliuid": "aliuid1",
    "alert_instance_id": "123456",
    "alert_id": "NewRelic_wkbTest",
    "alert_type": "sls_pub",
    "alert_name": "test-alert",
    "region": "{告警消息发送的网络接口对应的地域}",
    "project": "{告警中心所属的Project}",
    "project_id": 0,
    "next_eval_interval": 0,
    "alert_time": 1629445629,
    "fire_time": 1629445629,
    "fire_results":
    [
        {
            "id": "Metric",
            "link": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
            "name": "cn-hangzhou_ecs.s6-c1m4.xlarge_123456789",
            "product": "NRQL",
            "type": "Query"
        }
    ],
    "fire_results_count": 1,
    "resolve_time": 0,
    "status": "firing",
    "results": null,
    "labels":
    {
        "evaluation_system_source": "Willamette"
    },
    "annotations":
    {
        "__account_id__": "123456",
        "__account_name__": "Account 123456",
        "__config_app__": "sls_pub_alert",
        "__link_incident_acknowledge_url__": "https://alerts.newrelic.com/accounts/123456/incidents/123456/acknowledge",
        "__link_policy_url__": "https://alerts.newrelic.com/accounts/123456/policies/123456",
        "__link_violation_callback_url__": "https://insights.newrelic.com/accounts/123456/query?query=SELECT%20average%28%60host.diskUsedPercent%60%29%20FROM%20Metric%20FACET%20regionId%2C%20host.instanceType%2C%20%20entity.id%20TIMESERIES%201%20minute%20SINCE%20%272021-08-20%2001%3A48%3A08%27%20UNTIL%20%272021-08-20%2007%3A47%3A08%27",
        "__link_violation_chart_url__": "https://gorgon.nr-assets.net/image/1a2b3c4d-1234-abcd-1a2b-1a2b3c4d?config.legend.enabled=false",
        "__pub_alert_app__": "{开放告警应用ID}",
        "__pub_alert_protocol__": "newrelic",
        "__pub_alert_region__": "{接收告警消息的网络接口对应的地域}",
        "__pub_alert_service__": "{开放告警服务ID}",
        "condition_description": "this is cond0",
        "condition_id": "123456",
        "condition_name": "cond0",
        "desc": "Metric query result is > 0.0 on 'cond0'",
        "duration": "476",
        "event_type": "INCIDENT",
        "open_violations_count_critical": "1",
        "timestamp_utc_string": "2021-08-20, 07:47 UTC"
    },
    "severity": 10,
    "policy":
    {
        "alert_policy_id": "{开放告警应用中配置的告警策略ID}",
        "action_policy_id": "{开放告警应用中配置的行动策略ID}",
        "use_default": false,
        "repeat_interval": "{开放告警应用中配置的重复等待时间}"
    },
    "template": null,
    "drill_down_query": "https://alerts.newrelic.com/accounts/123456/incidents/123456"
}
日志服务 New Relic 说明
aliuid 用于接入告警的开放告警应用所属的阿里云账号ID。
alert_id 告警监控规则的ID。

alert_id字段值为NewRelic_${alert_name},其中{$alert_name}为告警监控规则的名称。

alert_instance_id alert_instance_id 告警消息的ID。
alert_type 告警类型,固定为sls_pub。
alert_name alert_name 告警监控规则的名称。
status status 告警状态。
  • 如果New Relic告警消息中status字段的值为open或者acknowledged,则status的值为firing。
  • 如果New Relic告警消息中status字段的值为resolved,则status的值为resolved。
next_eval_interval 告警评估间隔时间,固定为0。
alert_time alert_time 告警触发时间。
fire_results fire_results 告警的查询参数和中间结果。字段值为Array类型。

New Relic告警消息的fire_results字段中,如果元素的值不是字符串,则对应的键值对将被删除,剩余键值对被添加到日志服务告警消息的fire_results字段中。

fire_results_count 统计fire_results字段中元素的个数。
fire_time fire_time 告警触发时间。
resolve_time resolve_time 告警恢复时间。
  • 如果status字段的值为firing,则resolve_time的值为New Relic告警消息中resolve_time字段的值。
  • 如果status字段的值为resolved,则resolve_time的值为0。
labels labels 标签信息。
  • New Relic告警消息的metadata字段中的所有键值对将被添加到日志服务告警消息的labels字段中。
  • New Relic告警消息的labels字段中,其余未被使用且字段值非空的字段都将被添加到日志服务告警消息的labels字段中。
annotations annotations 标注信息。日志服务告警消息的annotations字段中将加入以下字段:
  • desc:告警内容描述。对应New Reailc告警消息中的desc字段。
  • New Relic告警消息的annotations字段中,其余未被使用且字段值非空的字段都会被添加到日志服务告警消息的annotations字段中。
severity severity 告警严重度。New Relic告警严重度与日志服务告警严重度的映射关系如下:
  • CRITICAL:严重
  • WARNING:高
  • INFO:报告
说明 如果New Relic告警中未定义严重度,则日志服务告警严重度映射为中。
policy 您在开放告警应用中配置的告警策略。更多信息,请参见Policy结构
project 告警中心所属的Project。更多信息,请参见项目(Project)
drill_down_query drill_down_query 对应New Relic告警事件管理页面的URL地址。