All Products
Search
Document Center

Simple Log Service:Create an alert policy

Last Updated:Nov 28, 2024

If an alert is triggered by an alert rule, Simple Log Service merges or silences the alert based on the alert policy that is used by the alert rule. This topic describes how to create an alert policy.

Step 1: Create an alert policy

  1. Log on to the Simple Log Service console.

  2. In the Projects section, click a project.

    image

  3. In the left-side navigation pane, click Alerts. On the Alert Center page, choose Notification Management > Alert Policy. On the Alert Policy tab, click Create.

    image

  4. In the Add Policy dialog box, configure the ID and Name parameters. The following table describes the parameters.

    image

    Parameter

    Description

    ID

    The unique ID of the alert policy.

    Name

    The name of the alert policy.

Step 2: Configure settings on the Route and Merge tab

You can configure a merge policy to merge a large number of identical alerts that are triggered into an alert set. You can specify conditions to match alerts in the Condition node and configure rules to merge alerts in the Merge Alerts node.

Configuration description

  1. Specify conditions to match alerts in the Condition node.

    When you configure alert policies and action policies, you can add a Condition node. If alerts in an alert set meet the specified conditions, the specified action is performed.

    • Operator: You can use regular expressions or value ranges to match data.

      Regular expression match: Alerts are matched based on a regular expression.

      正则匹配

      Value range match: Alerts are matched by comparing numeric values. For example, you can use an operator such as equal to (=) or greater than or equal to (>=).

      数值范围

    • Mode: You can add multiple conditions in standard mode or advanced mode.

      Standard Mode: If you specify multiple conditions, the conditions are evaluated by using a logical AND.

      标准模式

      Advanced Mode: If you specify multiple conditions, you can use a logical AND or OR to evaluate the conditions. You can also group multiple conditions by using parentheses ().

      高级模式

  2. Configure rules to merge alerts in the Merge Alerts node. For more information about how to configure the Merge by, Action Policy, Group Wait, Group Interval, and Repeat Interval parameters, see Deduplicate alerts

Configuration example

  1. On the Route and Merge Policy tab, click the 条件 icon.

  2. Specify conditions to match alerts.

    条件

  3. Configure rules to merge alerts.

    The following figure shows a sample merge policy. If alerts have an env label of prd, the alerts are merged by the projects to which the alerts belong, and the SLS built-in action policy is executed. If alerts have an env label of test, the alerts are merged by the alert rules that trigger the alerts, and the test action policy is executed.

    路由合并策略

  4. Click the 结束 icon for the Condition and Merge Alerts nodes to complete the configuration.

Step 3: Configure settings on the Silence Policy tab

You can configure a silence policy to prevent Simple Log Service from sending notifications for alerts that match specified conditions during a silence period. You can specify conditions to match alerts in the Condition node and specify a silence period in the Silence Period node.

Configuration description

  1. For more information about how to specify conditions in the Condition node, see the related descriptions in the "Step 2: Configure settings on the Route and Merge Policy tab" section of this topic.

  2. If you configure a silence policy for an alert policy, all alert rules that use the alert policy are affected. For more information about how silence policies work, see Silence policies.

Configuration example

  1. On the Silence Policy tab, click the 条件 icon.

  2. Specify conditions to match alerts and specify a silence period.

    The following figure shows a sample silence policy. If alerts have a severity of Medium and an expired label of true and the alert rule belongs to a project whose name contains test-project, the alerts are silenced for 1 hour. If alerts do not match the conditions and do not have an owner label, the alerts are permanently silenced.静默示例

Remove and add a node

  • Remove a node

    Right-click the node that you want to remove and select Delete Node.

    删除节点

  • Add a node

    In this example, add a node to a merge policy.

    Note

    If you added the End node, you must delete the End node before you can add other nodes such as Condition and Merge Alerts.

    • Click the 条件 icon to add a Condition node.

    • Click the 分组合并 icon to add a Merge Alerts node.

    • Click the 结束 icon to add an End node.

    告警策略