
Simple Log Service: Data structure of alert resource data

Last Updated: Dec 18, 2024

This topic describes the data structure of alert resource data.

Background information

Alert resource data includes users, user groups, on-duty groups, webhook integration, alert policies, action policies, alert templates, and other custom resource data. The alert policies include merge, inhibition, and silence policies.

Note: Inhibition policy is not recommended.

Resource data is classified into two categories: resource and record. For example, a user is a resource, and each piece of user information is a record.

| Category | Attribute | Description |
|----------|-----------|-------------|
| Resource | resource_name | The name of a resource. For example, the resource name of a user is sls.common.user. |
| Record | id | The unique ID of a record. Data type: string. |
| Record | tag | The tag of a record. Data type: string. |
| Record | value | The complete value of a record. Data type: JSON string. |

Data structure of alert resource data

For each resource type, the following lists the resource_name field, the record_id field, the record_tag field, an example, and remarks.

User

  resource_name field: sls.common.user
  record_id field: user_id
  record_tag field: user_name
  Example:

{
    "user_id": "alex",
    "user_name": "Alex",
    "email": [
        "***@example.com"
    ],
    "country_code": "86",
    "phone": "133********3333",
    "enabled": true,
    "sms_enabled": true,
    "voice_enabled": true
}

Remarks: None.

User group

  resource_name field: sls.common.user_group
  record_id field: user_group_id
  record_tag field: user_group_name
  Example:

{
    "user_group_id": "devops",
    "user_group_name": "DevOps Team",
    "enabled": true,
    "members": [
        "alex"
    ]
}

Remarks: None.

On-duty group

  resource_name field: sls.alert.oncall_group
  record_id field: oncall_id
  record_tag field: oncall_name
  Example:

{
    "oncall_id": "default_oncall",
    "oncall_name": "Default Oncall",
    "enabled": true,
    "overrides": [],
    "rotations": [
        {
            "targets": [
                {
                    "type": "user",
                    "target_id": "alex"
                },
                {
                    "type": "user_group",
                    "target_id": "devops"
                }
            ],
            "end_time": 0,
            "shift_day": "",
            "shift_time": "12:00",
            "shift_type": "day",
            "start_time": 1633017600,
            "shift_minute": 0,
            "end_time_type": "none",
            "shift_interval": 1,
            "shift_week_custom": null,
            "restriction_date_type": "workday",
            "restriction_time_type": "allday",
            "restriction_week_range": null,
            "restriction_time_custom_range": null
        }
    ],
    "calendar_id": "default_calendar"
}

Remarks: This configuration is complex. We recommend that you complete the configuration in the Simple Log Service console.

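Webhook integration

  resource_name field: sls.alert.action_webhook
  record_id field: id
  record_tag field: name
  Examples (a custom webhook and a DingTalk webhook):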

{
    "id": "custom-webhook",
    "name": "Custom Webhook",
    "type": "custom",
    "url": "http://localhost:9099/data/webhook",
    "method": "POST",
    "headers": [
        {
            "key": "Content-Type",
            "value": "application/json"
        },
        {
            "key": "Foo",
            "value": "bar"
        }
    ]
}
{
    "id": "dingtalk",
    "name": "Dingtalk Webhook",
    "type": "dingtalk",
    "url": "https://oapi.dingtalk.com/robot/send?access_token=**********",
    "method": "POST",
    "secret": "SEC**********",
    "headers": []
}
Remarks:

  • Set type to the type of the webhook. Valid values:

    • dingtalk: DingTalk webhook

    • wechat: Enterprise WeChat webhook

    • lark: Lark webhook

    • slack: Slack webhook

    • custom: custom webhook

  • For all the types except custom, set method to POST and headers to an empty array.

  • If you set type to dingtalk and select Additional Signature for Security Settings when you create a DingTalk chatbot or if you set type to lark and select Set signature verification for Security settings when you create a Lark bot, you must add the secret field.

    You can obtain the value of the secret field on the chatbot management page of DingTalk or the bot management page of Lark.

Alert policy

  resource_name field: sls.alert.alert_policy
  record_id field: policy_id
  record_tag field: policy_name
  Example:

{
    "policy_id": "sls.builtin",
    "policy_name": "SLS Builtin Alert Policy",
    "parent_id": "sls.root",
    "is_default": false,
    "group_script": "fire(action_policy=\"sls.builtin\", group={\"project\": \"__a__\", \"uid\": alert.aliuid}, group_wait=\"5s\", group_interval=\"2m\", repeat_interval=\"2m\")\nstop()\nfire(action_policy=\"sls.builtin\", group={\"alert_id\": alert.alert_id}, group_wait=\"5s\", group_interval=\"10s\", repeat_interval=\"2m\")\nif alert.labels.name ~= \"^\\\\w+s$\":\n\tfire(action_policy=\"sls.builtin\", group={\"product\": \"xxs\"}, group_wait=\"5s\", group_interval=\"10s\", repeat_interval=\"2m\")\n\tstop()\nstop()\nfire(action_policy=\"sls.builtin\", group={\"label_name\": alert.labels.name}, group_wait=\"10s\", group_interval=\"10s\", repeat_interval=\"2m\")",
    "inhibit_script": "if alert.severity >= 8:\n    silence alert.severity < 6",
    "silence_script": ""
}
Remarks:

  • Set is_default to false.

  • Set group_script to a merge policy.

  • Set inhibit_script to an inhibition policy.

  • Set silence_script to a silence policy.

  • If you use an SDK to perform the configuration, group_script, inhibit_script, and silence_script include only domain-specific language (DSL) script information and do not include UI configuration information. Therefore, you cannot view the graphical structure of the alert policy in the Simple Log Service console.

Action policy

  resource_name field: sls.alert.action_policy
  record_id field: action_policy_id
  record_tag field: action_policy_name
  Example:

{
    "action_policy_id": "sls.builtin",
    "action_policy_name": "SLS Builtin Action Policy",
    "labels": {},
    "is_default": false,
    "primary_policy_script": "fire(type=\"webhook_integration\", integration_type=\"dingtalk\", webhook_id=\"dingtalk-test\", template_id=\"default-template\", period=\"any\")",
    "secondary_policy_script": "fire(type=\"voice\", users=[\"jizhi\"], groups=[\"group-jizhi\"], template_id=\"default-template\")",
    "escalation_start_enabled": false,
    "escalation_start_timeout": "10s",
    "escalation_inprogress_enabled": false,
    "escalation_inprogress_timeout": "10s",
    "escalation_enabled": false,
    "escalation_timeout": "4h0m0s"
}
Remarks:

  • Set is_default to false.

  • Set labels to an empty object. labels is a reserved parameter.

  • Set primary_policy_script to a primary action policy.

  • Set secondary_policy_script to a secondary action policy.

  • Set escalation_* to determine whether to enable a secondary action policy. For more information, see the configuration items in the Simple Log Service console.

  • If you use an SDK to perform the configuration, primary_policy_script and secondary_policy_script include only DSL script information and do not include UI configuration information. Therefore, you cannot view the graphical structure of the action policy in the Simple Log Service console.

Alert template

  resource_name field: sls.alert.content_template
  record_id field: template_id
  record_tag field: template_name
  Example:

{
    "template_id": "default-template",
    "template_name": "Default Template",
    "is_default": false,
    "templates": {
        "fc": {
            "limit": 0,
            "locale": "zh-CN",
            "content": "",
            "send_type": "merged"
        },
        "sms": {
            "locale": "zh-CN",
            "content": ""
        },
        "lark": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "email": {
            "locale": "zh-CN",
            "content": "",
            "subject": "SLS alert test-jizhi-test"
        },
        "slack": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "voice": {
            "locale": "zh-CN",
            "content": ""
        },
        "wechat": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "webhook": {
            "limit": 0,
            "locale": "zh-CN",
            "content": "",
            "send_type": "batch"
        },
        "dingtalk": {
            "title": "Alerthub alert test ${alert_name}",
            "locale": "zh-CN",
            "content": ""
        },
        "event_bridge": {
            "locale": "zh-CN",
            "content": "",
            "subject": "wkb-test"
        },
        "message_center": {
            "locale": "zh-CN",
            "content": ""
        }
    }
}
Remarks:

  • Set is_default to false.

  • Set templates to the alert templates for each notification method that you want to use. If content is empty for a notification method, the default alert template is used for the notification method. For more information, see Default alert templates.

  • Set locale to zh-CN or en-US.

  • For the webhook and fc notification methods, set send_type to single or batch. The value single indicates that Simple Log Service sends notifications for each alert. The value batch indicates that Simple Log Service merges alerts into an alert set and sends only one notification for the alert set.

Default calendar

  resource_name field: sls.common.calendar
  record_id field: calendar_id
  record_tag field: calendar_name
  Example:

{
    "calendar_id": "default_calendar",
    "calendar_name": "Default Calendar",
    "timezone": "Asia/Shanghai",
    "workdays": [
        1,
        2,
        3,
        4,
        5
    ],
    "worktime": [
        {
            "end_time": "21:00",
            "start_time": "09:00"
        }
    ],
    "reset_days": [],
    "holiday_sync": "china"
}
Remarks:

  • Set the ID of the default calendar to default_calendar.

  • This configuration is complex. We recommend that you complete the configuration in the Simple Log Service console.
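
The following Python example is added here and is not part of the original documentation or of any Simple Log Service SDK. It builds the id/tag/value record for a resource from the table above, applies the type, method, and headers remarks for webhook integration, and masks the secret and URL query values before a webhook record is logged. The function names are hypothetical, and the sample token and secret are constructed placeholders.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# resource_name -> (record_id field, record_tag field), copied from the table above
RECORD_KEYS = {
    "sls.common.user": ("user_id", "user_name"),
    "sls.common.user_group": ("user_group_id", "user_group_name"),
    "sls.alert.oncall_group": ("oncall_id", "oncall_name"),
    "sls.alert.action_webhook": ("id", "name"),
    "sls.alert.alert_policy": ("policy_id", "policy_name"),
    "sls.alert.action_policy": ("action_policy_id", "action_policy_name"),
    "sls.alert.content_template": ("template_id", "template_name"),
    "sls.common.calendar": ("calendar_id", "calendar_name"),
}
WEBHOOK_TYPES = {"dingtalk", "wechat", "lark", "slack", "custom"}
# Constructed sample; the token and secret are placeholders, not real credentials.
SAMPLE = {"id": "dingtalk", "name": "Dingtalk Webhook", "type": "dingtalk",
          "url": "https://oapi.dingtalk.com/robot/send?access_token=EXAMPLE",
          "method": "POST", "secret": "SEC-EXAMPLE", "headers": []}

def check_webhook(value):
    """Return violations of the webhook integration remarks for one value."""
    wtype, problems = value.get("type"), []
    if wtype not in WEBHOOK_TYPES:
        problems.append(f"invalid type: {wtype!r}")
    elif wtype != "custom":
        if value.get("method") != "POST":
            problems.append("method must be POST")
        if value.get("headers") != []:
            problems.append("headers must be an empty array")
    return problems

def redact_webhook(value):
    """Return a copy that is safe to log: secret and URL query values masked."""
    safe = dict(value)
    if "secret" in safe:
        safe["secret"] = "***"
    parts = urlsplit(safe.get("url", ""))
    masked = [(key, "***") for key, _ in parse_qsl(parts.query, keep_blank_values=True)]
    safe["url"] = urlunsplit(parts._replace(query=urlencode(masked, safe="*")))
    return safe

def to_record(resource_name, value):
    """Build the id/tag/value record; value is serialized to a JSON string."""
    id_field, tag_field = RECORD_KEYS[resource_name]
    problems = check_webhook(value) if resource_name == "sls.alert.action_webhook" else []
    if problems:
        raise ValueError("; ".join(problems))
    return {"id": str(value[id_field]), "tag": str(value[tag_field]),
            "value": json.dumps(value, ensure_ascii=False)}
```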

Descriptions of DSL syntax

This section provides DSL configuration examples.

Important: DSL configuration is complex. We recommend that you complete the configuration in the Simple Log Service console and then view the data under Payload for the requests on the Network tab.

Configure a merge policy

  • Configuration in the Simple Log Service console: [Figure: Alert policy]

  • DSL configuration

    if alert.severity >= 8:
        fire(action_policy="sls.builtin", group={"alert.project": alert.project, "alert.alert_id": alert.alert_id}, group_by_all_labels=true, group_wait="15s", group_interval="5m", repeat_interval="1h")
        stop()
    fire(action_policy="sls.builtin", group={"alert.project": alert.project}, group_by_all_labels=false, group_wait="15s", group_interval="5m", repeat_interval="1h")

    DSL configuration description:

    • if alert.severity >= 8 specifies a condition node.

    • fire( ) specifies a merge node.

      • action_policy specifies the ID of the action policy.

      • group specifies the standard based on which Simple Log Service merges alerts. Data type: dictionary.

      • group_by_all_labels specifies whether to merge alerts based on all labels. Valid values: true and false.

      • group_wait specifies how long Simple Log Service waits before it sends an alert notification after the first alert set is created.

      • group_interval specifies how long Simple Log Service waits before it sends an alert notification after the data in an alert set is modified.

      • repeat_interval specifies how long Simple Log Service waits before it sends an alert notification again if the data in an alert set remains the same.

    • stop() specifies the end node.

Configure an inhibition policy

  • Configuration in the Simple Log Service console: [Figure: Alert policy]

  • DSL configuration

    if alert.severity >= 8:
        silence alert.severity < 8
        stop()

    DSL configuration description:

    • if alert.severity >= 8 specifies a condition node.

    • silence alert.severity < 8 specifies an inhibition node.

    • stop() specifies the end node.

Configure a silence policy

  • Configuration in the Simple Log Service console: [Figure: Alert policy]

  • DSL configuration

    drop(end=1638189177) alert.alert_name == "test-alert"
    accept alert.labels.env == "prod"

    DSL configuration description:

    • drop specifies that alerts are silenced.

    • accept specifies that alerts are not silenced.

    • start and end specify the time range during which alerts are silenced. The values are UNIX timestamps. Unit: seconds.

      • Specific time range: You must configure start and end.

      • Before a point in time: You only need to configure end.

      • Time range: You only need to configure end.

      • Continuous: You do not need to configure start or end.
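
The following Python example is added here and is not part of the original documentation. It parses a silence_script and reports, for a given UNIX time, which drop rules are active, pending, expired, or have no end at all, which is useful when reviewing silences that would otherwise hide alerts indefinitely. The function names are hypothetical, the rule shape (arguments in parentheses directly after drop, or no parentheses for a continuous rule) is an assumption inferred from the two lines above, and the third sample line is constructed.

```python
import re

# Assumed rule shape, inferred from the two lines above: drop or accept,
# optional (start=..., end=...) directly after the keyword, then the condition.
RULE = re.compile(r"^(drop|accept)(?:\(([^)]*)\))?\s+(.+)$")

# First two lines come from the page; the third is a constructed continuous rule.
SAMPLE = "\n".join([
    'drop(end=1638189177) alert.alert_name == "test-alert"',
    'accept alert.labels.env == "prod"',
    'drop alert.labels.env == "dev"',
])


def parse_silence_script(script):
    """Parse a silence_script into dicts with action, condition, start, end."""
    rules = []
    for line in filter(None, (l.strip() for l in script.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unrecognized rule: {line!r}")
        action, args, condition = m.groups()
        window = {"start": None, "end": None}
        for arg in filter(None, (a.strip() for a in (args or "").split(","))):
            key, _, val = arg.partition("=")
            if key.strip() not in window:
                raise ValueError(f"unexpected argument: {arg!r}")
            window[key.strip()] = int(val)  # UNIX timestamp in seconds
        rules.append({"action": action, "condition": condition, **window})
    return rules


def audit_silences(script, now):
    """Return (state, condition) for every drop rule at UNIX time `now`."""
    findings = []
    for rule in parse_silence_script(script):
        if rule["action"] != "drop":
            continue
        if rule["end"] is None:
            state = "open-ended"  # no end: silenced until the rule is removed
        elif rule["end"] <= now:
            state = "expired"
        elif rule["start"] is not None and rule["start"] > now:
            state = "pending"
        else:
            state = "active"
        findings.append((state, rule["condition"]))
    return findings
```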

Configure an action policy

  • Configuration in the Simple Log Service console: [Figure: Action policy]

  • DSL configuration

    if alert.severity >= 8:
        fire(type="sms", users=[], groups=[], oncall_groups=["alert-test-oncall"], template_id="sls.builtin.cn", check_quota="true", period="any")
        stop()
    if alerts.severity < 8:
        fire(type="webhook_integration", integration_type="dingtalk", webhook_id="jizhi-test", template_id="sls.builtin.cn", period="any")
        stop()

    Important:

    • if alert.xxx specifies that an action policy is executed if any alert meets the conditions.

    • if alerts.xxx specifies that an action policy is executed only if all alerts meet the conditions.

The following figure and code provide a configuration example of an action policy. The configuration for each notification method is provided.

  • Configuration in the Simple Log Service console: [Figure: Action policy]

  • DSL configuration

    fire(type="sms", users=["jizhi"], groups=[], oncall_groups=[], template_id="sls.builtin.cn", check_quota="true", period="workday")
    fire(type="voice", users=[], groups=[], oncall_groups=["alert-test-oncall"], template_id="sls.builtin.cn", check_quota="true", period="worktime")
    fire(type="email", users=[], groups=["alert-test"], oncall_groups=[], template_id="sls.builtin.cn", check_quota="true", period="any")
    fire(type="webhook_integration", integration_type="dingtalk", webhook_id="jizhi-test", template_id="sls.builtin.cn", period="any")
    fire(type="webhook_integration", integration_type="wechat", webhook_id="wechat-test", template_id="sls.builtin.cn", period="any")
    fire(type="message_center", template_id="sls.builtin.cn", check_quota="true", period="any")
    fire(type="event_bridge", region="cn-hangzhou", bus_name="bus-demo", template_id="sls.builtin.cn", period="any")
    fire(type="fc", region="cn-shanghai", service="jizhi-test", qualifier="LATEST", function="sls-ops-1", template_id="sls.builtin.cn", period="any")
    fire(type="set_ticket_owner", choice="random", users=[], groups=[], oncall_groups=["alert-test-oncall"])

    DSL configuration description:

    fire() specifies a notification method. For more information, see Notification methods.