All Products
Search

This Product

    :Overview

    Document Center

    :Overview

    Last Updated:Aug 03, 2023

    Simple Log Service provides the alerting feature. You can configure alert rules based on query and analysis results. After you create an alert rule, Simple Log Service checks the related query and analysis result. If a query and analysis result meets the trigger condition that you specified in the alert rule, Simple Log Service sends an alert notification.

    Limits

    The following table describes the limits of the alerting feature in Simple Log Service.

    Item

    Description

    Associated query statements

    You can associate an alert rule with a maximum of three query statements.

    Field value size

    If a field value exceeds 1,024 characters in length, Simple Log Service extracts only the first 1,024 characters for data processing.

    Trigger condition

    The trigger condition has the following limits:

    • Each trigger condition must be 1 to 128 characters in length.

    • If a query result includes more than 100 rows, Simple Log Service only checks whether the first 100 rows meet the trigger condition.

    • Simple Log Service checks whether a trigger condition is met for a maximum of 1,000 times for the specified query statements.

    Query time range

    The maximum time range that you can specify for each query is 24 hours.

    Voice calls

    If a voice call is not answered, Simple Log Service sends an SMS notification.

    You are charged only once for the voice call regardless of whether the call is answered. The SMS notification does not incur fees.

    Query statements in alert rules

    You can associate an alert rule with one or more search statements or query statements.

    • A search statement returns the log entries that meet the search condition. For more information, see Log search overview.

      For example, you can execute the error statement to search for the log entries that were generated in the previous 15 minutes and contain error. A total of 154 log entries are returned. Each log entry consists of key-value pairs. You can set a trigger condition based on the value of a key.

      Note

      If the number of returned log entries exceeds 100, Simple Log Service checks only the first 100 log entries. If one of the log entries meets the condition, an alert is triggered.

    • A query statement consists of a search statement and an analytic statement. The analytic statement analyzes the log entries that meet the search condition and returns a result. For more information, see Log analysis overview.

      For example, the * | select sum(case when status='ok' then 1 else 0 end) *1.0/count(1) as ratio statement returns the percentage of the log entries in which the value of the status field is ok. If you set the trigger condition of an alert rule to ratio < 0.9, an alert is triggered if the percentage of the log entries whose status code is ok is less than 90%.