Creating a Keyword Alarm Rule¶

Function¶

This API is used to create a keyword alarm. Currently, each account can create a maximum of 200 keyword alarms and SQL alarms.

URI¶

POST /v2/{project_id}/lts/alarms/keywords-alarm-rule

**Table 1** Path Parameters¶
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain a project ID, see Obtaining the Project ID, Account ID, Log Group ID, and Log Stream ID. Minimum: 32 Maximum: 32

Request Parameters¶

**Table 2** Request header parameters¶
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token obtained from IAM. For details about how to obtain a user token, see Obtaining a User Token. Minimum: 1000 Maximum: 2000
Content-Type	Yes	String	Set this parameter to application/json;charset=UTF-8. Minimum: 30 Maximum: 30

**Table 3** Request body parameters¶
Parameter	Mandatory	Type	Description
keywords_alarm_rule_name	Yes	String	Keyword alarm rule names. Note Cannot start with a period (.) or underscore (_) or end with a period (.). Minimum: 1 Maximum: 64
keywords_alarm_rule_description	No	String	Keyword alarm description. Minimum: 0 Maximum: 64
keywords_requests	Yes	Array of KeywordsRequest objects	Keyword details.
frequency	Yes	Frequency object	Alarm statistical period.
keywords_alarm_level	Yes	String	Alarm severity.
keywords_alarm_send	Yes	Boolean	Whether to send an alarm.
domain_id	Yes	String	Account ID. For details about how to obtain an account ID, see Obtaining the Project ID, Account ID, Log Group ID, and Log Stream ID. Minimum: 32 Maximum: 32
trigger_condition_count	No	Integer	Number of times that log events meet the trigger condition. The default value is 1.
trigger_condition_frequency	No	Integer	Number of queries in which the triggering condition is met. The default value is 1.
whether_recovery_policy	No	Boolean	Whether to enable the alarm clearance notification. The default value is false.
recovery_policy	No	Integer	Number of queries in which the triggering condition is not met. The alarm is cleared when this number reaches the value (3 by default) of this parameter.
notification_frequency	Yes	Integer	Notification frequency, in minutes.
alarm_action_rule_name	No	String	Alarm action rule name. Note Set alarm_action_rule_name or notification_save_rule. If you set both of them, the value of alarm_action_rule_name is prioritized.
notification_save_rule	No	SqlNotificationSaveRule object	Notification topic, which will be unavailable soon. You are advised to use the alarm action rule function.

**Table 4** KeywordsRequest¶
Parameter	Mandatory	Type	Description
log_stream_id	Yes	String	Log stream ID.
log_stream_name	No	String	Log stream name.
log_group_id	Yes	String	Log group ID.
log_group_name	No	String	Log group name.
keywords	Yes	String	Keyword.
condition	Yes	String	Condition.
number	Yes	Integer	Keyword threshold, which forms a condition with keyword and condition. An alarm is triggered when the condition is met.
search_time_range	Yes	Integer	Time range for querying the latest data when a task is executed.
search_time_range_unit	Yes	String	Query time unit.

**Table 5** Frequency¶
Parameter	Mandatory	Type	Description
type	Yes	String	Time type.
cron_expr	No	String	Cron expression, which uses the 24-hour format and is precise down to the minute. 0/10 * * * : The query starts from 00:00 and is performed every 10 minutes at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50. 0 0/5 * : The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00. 0 14 * : The query is performed at 14:00 every day. 0 0 10 *: The query is performed at 00:00 on the 10th day of every month.
hour_of_day	No	Integer	This field is used when type is set to DAILY or WEEKLY. DAILY ranges from 0 to 23. WEEKLY ranges from 0 to 23.
day_of_week	No	Integer	This field is used when type is set to WEEKLY (from Sunday to Saturday).
fixed_rate	No	Integer	Value of a period. This field is used when type is set to FIXED_RATE. It is used together with fixed_rate_unit to indicate a fixed period.
fixed_rate_unit	No	String	Unit of a period. This field is used when type is set to FIXED_RATE. It is used together with fixed_rate to indicate a fixed period. The value can be hour or minute.

**Table 6** SqlNotificationSaveRule¶
Parameter	Mandatory	Type	Description
language	Yes	String	Language of the preference. Minimum: 0 Maximum: 10
timezone	No	String	Time zone information used in a notification. Example: +08:00 Minimum: 0 Maximum: 1024
user_name	Yes	String	Username used in a notification. It is generally displayed in the first line of the greeting. Minimum: 1 Maximum: 1024
topics	Yes	Array of Topics objects	Topic information, which will be unavailable soon. You are advised to use the action rule function.
template_name	Yes	String	Message template name.

**Table 7** Topics¶
Parameter	Mandatory	Type	Description
name	Yes	String	Topic name.
topic_urn	Yes	String	Specifies the resource identifier of the topic, which is unique.
display_name	No	String	Specifies the topic display name, which is presented as the name of the email sender in email messages.
push_policy	No	Integer	Specifies the message push policy.

Response Parameters¶

Status code: 200

**Table 8** Response body parameters¶
Parameter	Type	Description
keywords_alarm_rule_id	String	Alarm rule ID.

Status code: 400

**Table 9** Response body parameters¶
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 500

**Table 10** Response body parameters¶
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Example Requests¶

Creating a keyword alarm rule

POST https://{endpoint}/v2/{project_id}/lts/alarms/keywords-alarm-rule

{
  "keywords_alarm_rule_name" : "test",
  "keywords_alarm_rule_description" : "test",
  "keywords_requests" : [ {
    "log_stream_id" : "1",
    "log_group_id" : "1",
    "keywords" : "test",
    "condition" : ">",
    "number" : "100",
    "search_time_range" : 10,
    "search_time_range_unit" : "minute"
  } ],
  "frequency" : {
    "type" : "FIXED_RATE",
    "cron_expr" : "",
    "hour_of_day" : 0,
    "day_of_week" : 0,
    "fixed_rate" : 10,
    "fixed_rate_unit" : "minute"
  },
  "keywords_alarm_level" : "Critical",
  "keywords_alarm_send" : true,
  "domain_id" : "",
  "notification_frequency" : 5,
  "alarm_action_rule_name" : "",
  "notification_save_rule" : {
    "language" : "en-us",
    "timezone" : "xx/xx",
    "user_name" : "test",
    "template_name" : "Message template name.",
    "topics" : [ {
      "name" : "test",
      "topic_urn" : "urn:smn:xxxx-7:1b06fc5dc0814a4da1594a9ade9cb93c:test",
      "display_name" : "",
      "push_policy" : 0
    } ]
  }
}

Example Responses¶

Status code: 200

The request is successful.

{
  "keywords_alarm_rule_id" : "cf46fce8-f8b5-4aff-85c0-35d0c828ea0c"
}

Status code: 400

Invalid request. Modify the request based on the description in error_msg before a retry.

{
  "error_code" : "LTS.2005",
  "error_msg" : "Alarm rule params validator error."
}

Status code: 500

The server has received the request but encountered an internal error.

{
  "error_code" : "LTS.2001",
  "error_msg" : "Failed to create alarm rule."
}

Status Codes¶

Status Code	Description
200	The request is successful.
400	Invalid request. Modify the request based on the description in error_msg before a retry.
500	The server has received the request but encountered an internal error.

Error Codes¶

See Error Codes.

last updated: 2025-10-17 11:00 UTC - commit: 1aef8cbecb9139d36db154d6ff3015832882e151