Create an alert policy

After an alert rule triggers an alert, Simple Log Service applies an alert policy to merge or silence the alert.

Step 1: Add a policy

  1. Log on to the Simple Log Service console.

  2. In the project list, click the target project.

  3. In the left-side navigation pane, click Alerts. On the Alert Center page, choose Notification Policy > Alert Policy. On the Alert Policy tab, click Create.

    Click the Action Policy tab.

  4. In the Add Policy dialog box, configure the ID and Name.

    The dialog box includes Route and Merge Policy and Silence Policy tabs. Select a tab and design the workflow on the canvas.

    Parameter    Description
    ID           The unique ID of the alert policy.
    Name         The name of the alert policy.

Step 2: Configure a route and merge policy

A route and merge policy combines duplicate alerts into a single notification. In the workflow editor, configure Condition and Alert Merge rules to create a route and merge policy.

Configuration

  1. Matching modes for the Condition node

    Add a Condition node to an alert policy or action policy. The action runs only when alerts in an alert set meet the specified conditions.

    • Operator: Match conditions by regular expression or value range.

      Regular expression match: Matches conditions based on a regular expression.

      For example, set Object to Rule Name and enter \d+.

      Value range match: Matches conditions by comparing numeric values, such as equal to or greater than or equal to.

      For example, set Object to Time-related, Field to Recovery Time, Operator to value range, and enter a value such as [*,100003]. Click Confirm. You can also switch to Advanced Mode.

    • Mode: Combine multiple conditions in Standard Mode or Advanced Mode.

      Standard Mode: All conditions are joined by an AND operator.

      For example, in Standard Mode, set Object to Severity, Operator to Value equals, and Value to High; then set Object to Region, Operator to Equals, and Value to cn-huhehaote. Click the plus (+) or minus (-) icon to add or remove conditions, then click Confirm.

      Advanced Mode: Join conditions with AND or OR operators. Use parentheses to group conditions.

      For example, set Object (Severity, Region, or Rule Name), Operator, and Value for each row. Use OR or AND connectors between rows. Click the plus (+) or minus (-) icon to add or remove rows.

  2. Configure Merge by, action policy, Group Wait, Group Interval, and Repeat Interval as described in Deduplicate alerts.

Configuration example

  1. On the Route and Merge Policy tab, click the Condition icon.

  2. Configure the conditions.

    In the Condition panel, set Object to Alibaba Cloud Account ID, Operator to Equals, enter the target account ID, and click Confirm.

  3. Configure the rules for merging alerts.

    If the env label is prd, alerts are merged by source project and SLS runs the built-in action policy. If env is test, alerts are merged by alert rule and the test action policy runs.

    Both configurations use: Group Wait = 30 seconds, Group Interval = 10 minutes, Repeat Interval = 4 hours.

  4. Click the End icon for the Condition and Merge Alerts nodes to end the configuration.

Step 3: Configure a silence policy

During a silence period, Simple Log Service suppresses notifications for alerts that meet specified conditions. In the workflow editor, configure Condition and Cooldown Period rules to create a silence policy.

Configuration

  1. The matching modes for the Condition node are described under Configuration in Step 2.

  2. A silence rule in an alert policy applies to all alert rules that use this policy. For details, see Alert silencing mechanism.

Configuration example

  1. On the Silence Policy tab, click the Condition icon.

  2. Configure the conditions and the silence period.

    The first condition node checks: Alert Severity >= Medium, Project of Alert Rule matches test-project.*, and label.expired = true. If matched, alerts are silenced for one hour (Specific time range, for example, 2022-06-10 17:18:47 to 2022-06-10 18:18:47). If not matched, the second condition node checks whether label.owner is absent. If so, silence type is Continuous. Otherwise, no silence is applied and the workflow ends.
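The silence workflow in this configuration example can be modeled offline to see which alerts it would suppress before the policy is saved. The following Python sketch is an added example, not Simple Log Service code or its API; the alert field names, the severity ordering, and full-string regex matching are assumptions, and the sample alerts are constructed.

```python
import re
from datetime import datetime

# Assumed severity ordering for this sketch; the page only names Medium and High.
SEVERITY = {"Low": 4, "Medium": 6, "High": 8}
# The one-hour "Specific time range" from the configuration example.
WINDOW = (datetime(2022, 6, 10, 17, 18, 47), datetime(2022, 6, 10, 18, 18, 47))

def first_node(alert):
    """Severity >= Medium AND project matches test-project.* AND label.expired = true."""
    return (SEVERITY[alert["severity"]] >= SEVERITY["Medium"]
            and re.fullmatch(r"test-project.*", alert["project"]) is not None  # full match assumed
            and alert["labels"].get("expired") == "true")

def silence_decision(alert, now):
    """Walk the two Condition nodes and return (silenced, reason)."""
    if first_node(alert):
        # Yes branch: silenced only while `now` falls inside the configured range.
        return (WINDOW[0] <= now <= WINDOW[1]), "specific-time-range"
    if "owner" not in alert["labels"]:
        # Second node, Yes branch: label.owner is absent, so the silence is Continuous.
        return True, "continuous"
    return False, "none"  # No branch of both nodes: the workflow ends without silencing

def audit(alerts, now):
    """List (rule, severity, reason) for every alert the policy would suppress."""
    return [(a["rule"], a["severity"], silence_decision(a, now)[1])
            for a in alerts if silence_decision(a, now)[0]]

# Constructed sample alerts (not real SLS output); field names are hypothetical.
SAMPLE_ALERTS = [
    {"rule": "expired-cert", "severity": "High", "project": "test-project-eu",
     "labels": {"expired": "true", "owner": "team-a"}},
    {"rule": "root-login", "severity": "High", "project": "prod-audit", "labels": {}},
    {"rule": "disk-usage", "severity": "Low", "project": "prod-audit",
     "labels": {"owner": "team-b"}},
]

if __name__ == "__main__":
    for row in audit(SAMPLE_ALERTS, datetime(2022, 6, 10, 17, 30, 0)):
        print(row)
```

In the sample, the High-severity `root-login` alert is silenced continuously only because it carries no owner label, which is the kind of row to review before the policy is applied to all alert rules that use it.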

Add and delete nodes

  • Delete a node

    Hover the pointer over a node, right-click it, and then click Delete Node.

  • Add a node

    The following procedure uses a route and merge policy as an example.

    Note

    If you have already added an End node, you must delete the End node before you can add other nodes, such as Condition and Alert Merge nodes.

    • Click the Condition icon to add a Condition node.

    • Click the Merge alerts icon to add an Alert Merge node.

    • Click the End icon to add an End node.

    For example, a Condition node checks whether the Alibaba Cloud Account ID equals a specified value. If Yes, the flow proceeds to the Merge Alerts node. If No, the flow goes to the next node. All branches must end with an End node.