Simple Log Service:Fields in alert rule evaluation logs

Field

Description

Example

AlertDisplayName

The display name of the alert rule.

Test alert rule

AlertID

The unique ID of the alert rule execution.

0fdd****eb23

AlertName

The name of the alert rule. The name is unique within a project.

alert-1****5-153472

AlertStatus

The status of the alert. Valid values:

• inactive: The alert is not triggered.

• firing: The alert is triggered.

• error: An execution error occurred.

• paused: The alert rule is temporarily disabled.

• pending: The threshold of continuous triggers is not reached.

inactive

Condition

The conditional expression.

$0.count > 1

Dashboard

The dashboard with which the alert rule is associated.

my-dashboard

FireCount

• Alert rule of the old version: the accumulative number of triggers since the last alert notification.

• Alert rule of the new version: the accumulative number of triggers before the threshold of continuous triggers is reached.

1

Fired

Indicates whether an alert was triggered. Valid values: true and false.

true

LastNotifiedAt

The time when the last alert notification was sent. The value is a UNIX timestamp.

1642164541

NotifyStatus

The notification status of the alert. Valid values:

• Success: indicates that alert notifications were sent.

• Failed: indicates that alert notifications failed to be sent.

• NotNotified: indicates that no alert notification was sent.

• PartialSuccess: indicates that some of the alert notifications were sent.

Success

Reason

The reason why alert notifications failed to be sent or no notification was sent.

result type is not bool

Results

The parameters and results of a query. The value is of the array type. For more information, see Subfields in the Results field.

[
  {
    "EndTime": 1642334900,
    "FireResult": null,
    "LogStore": "test-logstore",
    "Query": "* | select count(1) as count",
    "RawResultCount": 1,
    "RawResults": [
      {
        "__time__": "1642334840",
        "count": "0"
      }
    ],
    "StartTime": 1642334840
  }
]

Status

The status of the alert rule evaluation. Valid values: Success and Failed.

Success

Subfield

Description

Example

Query

The query statement.

* | select count(1) as count

Project

The project from which data is queried.

my-project

LogStore

The Logstore from which data is queried.

my-logstore

Store

The Logstore from which logs are queried.

my-logstore

Region

The region where the queried data resides.

cn-hangzhou

StoreType

The type of the destination store from which data is queried. Valid values: log and metric.

log

StartTime

The start time of the query time range. The value is a UNIX timestamp.

1685607401

EndTime

The end time of the query time range. The value is a UNIX timestamp.

1685608001

RawResults

The raw query result that is formatted in an array. Each element in the array is a log.

The length of the array varies based on the size of the log content. The array can contain up to 100 logs or can be 2 KB in length.

[
  {
    "__time__": "1642334840",
    "count": "0"
  }
]

RawResultCount

The number of raw logs that are returned.

1

FireResult

The log that records the triggers of an alert. If no alert is triggered, the parameter value is null.

{
  "__time__": "1642334840",
  "count": "0"
}

Truncated

Indicates whether the raw query result is truncated. Valid values: true and false.

false