Configuring Log Alarm Rules¶
You can set alarm rules based on keywords in log streams to monitor service status in real time. Currently, up to 200 keyword alarms can be created for each account.
Prerequisites¶
A log group and stream have been created. For details, see Managing Log Groups and Managing Log Streams.
Creating a Keyword Alarm Rule¶
LTS allows you to collect statistics on log keywords in log streams and set alarm rules to monitor them. By checking the number of keyword occurrences in a specified period, you can have a real-time view of the service running.
Log in to the management console and choose Management & Deployment > Log Tank Service.
Choose Alarms in the navigation pane.
Click the Alarm Rules tab.
Click Create. The Create Alarm Rule right panel is displayed.
Configure alarm rule parameters.
Table 1 Keyword alarm rule parameters¶ Category
Parameter
Description
Basic Info
Rule Name
Name of the alarm rule. Enter 1 to 64 characters and do not start or end with a hyphen (-) or underscore (_). Only letters, digits, hyphens, and underscores are allowed.
Note
After an alarm rule is created, the rule name can be modified. After the modification, move the cursor over the rule name to view the new and original rule names. The original rule name cannot be changed.
Description
Brief description of the rule. Enter up to 64 characters.
Statistical Analysis
Statistics
By keyword: applicable when keywords are used to search for and configure log alarms.
Query Condition
Log Group Name: Select a log group.
Log Stream Name: Select a log stream.
Note
If a log group contains more than one log stream, you can select multiple log streams when creating a keyword alarm rule.
Query Time Range: Specify the query period of the statement. It is one period earlier than the current time. For example, if Query Time Range is set to one hour and the current time is 9:00, the period of the query statement is 8:00-9:00.
The value ranges from 1 to 60 in the unit of minutes.
The value ranges from 1 to 24 in the unit of hours.
Keywords: Enter keywords that you want LTS to monitor in logs. Exact and fuzzy matches are supported. A keyword is case-sensitive and contains up to 1,024 characters.
Check Rule
Configure a condition that will trigger the alarm.
Matching Log Events: When the number of log events that contain the configured keywords reaches the specified value, an alarm is triggered. Four comparison operators are supported: greater than (>), greater than or equal to (>=), less than (<), and less than or equal to (<=).
The number of queries refers to the Query Frequency set in Advanced Settings and the number of times the condition must be met to trigger the alarm. The number of queries must be greater than or equal to the number of times the condition must be met.
Note
The alarm severity can be critical (default), major, minor, or info.
Number of queries: 1-10
Advanced Settings
Query Frequency
The options for this parameter are:
Hourly: The query is performed at the top of each hour.
Daily: The query is run at a specific time every day.
Weekly: The query is run at a specific time on a specific day every week.
Custom interval: You can specify the interval from 1 minute to 60 minutes or from 1 hour to 24 hours. For example, if the current time is 9:00 and the Custom interval is set to 5 minutes, the first query is at 9:00, the second query is at 9:05, the third query is at 9:10, and so on.
Note
When the query time range is set to a value larger than 1 hour, the query frequency must be set to every 5 minutes or a lower frequency.
CRON: CRON expressions support schedules down to the minute and use 24-hour format. Examples:
0/10 * * * *: The query starts from 00:00 and is performed every 10 minutes. That is, queries start at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50.
0 0/5 * * *: The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00.
0 14 * * *: The query is performed at 14:00 every day.
0 0 10 * *: The query is performed at 00:00 on the 10th day of every month.
Advanced Settings
Restores
Configure a policy for sending an alarm clearance notification.
If alarm clearance notification is enabled and the trigger condition has not been met for the specified number of statistical periods, an alarm clearance notification is sent.
Number of last queries: 1-10
Advanced Settings
Notify When
Alarm triggered: Specify whether to send a notification when an alarm is triggered. If this option is enabled, a notification will be sent when the trigger condition is met.
Alarm cleared: Specify whether to send a notification when an alarm is cleared. If this option is enabled, a notification will be sent when the recovery policy is met.
Advanced Settings
Frequency
You can select Once, Every 5 minutes, Every 10 minutes, Every 15 minutes, Every 30 minutes, Every hour, Every 3 hours, or Every 6 hours to send alarms.
Once indicates that a notification is sent once an alarm is generated. Every 10 minutes indicates that the minimum interval between two notifications is 10 minutes, preventing alarm storms.
Advanced Settings
Alarm Action Rules
Select a desired rule from the drop-down list.
If no rule is available, click Create Alarm Action Rule on the right.
Advanced Settings
Language
Specify the language (Chinese (simplified) or English) in which alarms are sent.
Click OK.
Note
After an alarm rule is created, its status is Enabled by default. After the alarm rule is disabled, the alarm status is Disabled. After the alarm rule is disabled temporarily, the alarm status is Temporarily closed to May 30, 2023 16:21:24.000 GMT+08:00. (The time is for reference only.)
When the alarm rule is enabled, an alarm will be triggered if the alarm rule is met. When it is disabled, an alarm will not be triggered even if the alarm rule is met.
Follow-up Operations on Alarm Rules¶
You can perform the following operations on a single alarm rule.
Modifying an alarm rule: Click
in the Operation column of the row that contains the target alarm rule. On the Modify Alarm Rule page displayed, modify the rule name, query condition , and check rule, and click OK.Enabling an alarm rule: Click
in the Operation column of the row that contains the target alarm rule. (The enabling button is displayed only after the alarm rule is disabled.)Disabling an alarm rule: Click
in the Operation column of the row that contains the target alarm rule. (The disabling button is displayed only after the alarm rule is enabled.)Temporarily disabling the alarm rule: Click
in the Operation column of the row that contains the target alarm rule and set the end time for temporarily disabling the alarm rule.Copying an alarm rule: Click
in the Operation column of the row that contains the target alarm rule.Deleting an alarm rule: Click
in the Operation column of the row that contains the target alarm rule, and click OK.After selecting multiple alarm rules, you can perform the following operations on the alarms: Open, Close, Disable Temporarily, Re-Enable, Enable Clearance, Disable Clearance, Delete, and Export.
You can move the cursor to the rule name to view both the new and original names after modification. The original rule name cannot be changed.