Help Center> Log Tank Service> User Guide> Log Alarms> Alarm Rules> Configuring Keyword Alarms
Updated on 2024-02-28 GMT+08:00
View PDF

Configuring Keyword Alarms

LTS allows you to collect statistics on log keywords and set alarm rules to monitor them. By checking the number of keyword occurrences in a specified period, you can have a real-time view of the service running. Currently, up to 200 keyword alarms can be created for each account.

Prerequisites

You have created log groups and log streams.

Creating an Alarm Rule

  1. Log in to the LTS console, and choose Alarms in the navigation pane on the left.
  2. Click the Alarm Rules tab.
  3. Click Create. The Create Alarm Rule right panel is displayed.
  4. Configure an alarm rule.

    Table 1 Alarm rule parameters

    Parameter

    Description

    Check Rule

    Example

    Rule Name

    Name of the alarm rule.

    A name can contain 1 to 64 characters, including only letters, digits, hyphens (-), underscores (_), and periods (.). It cannot start with a period or underscore or end with a period.

    LTS-Alarm

    Description

    Rule description.

    It cannot exceed 64 characters.

    -

    Statistics

    Select By keyword.

    -

    By keyword

    Log Group Name

    Select a log group.

    -

    -

    Enterprise Project Name

    Select an enterprise project.

    This parameter is displayed only when the enterprise project function is enabled for the current account.

    -

    -

    Log Stream Name

    Select a log stream.

    -

    -

    Keywords

    Enter keywords that you want LTS to monitor in logs.

    Exact and fuzzy matches are supported. A keyword is case-sensitive and contains up to 1024 characters.

    hostIP:192

    Query Time Range

    Time range for the keyword query, which is one period earlier than the current time. For example, if Query Time Range is set to one hour and the current time is 9:00, the period of the keyword query is 8:00–9:00.

    • The value ranges from 1 to 60 in the unit of minutes.
    • The value ranges from 1 to 24 in the unit of hours.

    -

    1 hour

    Query Frequency

    The options for this parameter are:

    • Hourly: The query is performed at the top of each hour.
    • Daily: The query is run at a specific time every day.
    • Weekly: The query is run at a specific time on a specific day every week.
    • Custom interval: You can specify the interval from 1 minute to 60 minutes or from 1 hour to 24 hours. For example, if the current time is 9:00 and the Custom interval is set to 5 minutes, the first query is at 9:00, the second query is at 9:05, the third query is at 9:10, and so on.
      NOTE:

      When the query time range is set to a value larger than 1 hour, the query frequency must be set to every 5 minutes or a lower frequency.

    • CRON: CRON expressions support schedules down to the minute and use 24-hour format. Examples:
      • 0/10 * * * *: The query starts from 00:00 and is performed every 10 minutes. That is, queries start at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50.
      • 0 0/5 * * *: The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00.
      • 0 14 * * *: The query is performed at 14:00 every day.
      • 0 0 10 * *: The query is performed at 00:00 on the 10th day of every month.

    -

    Daily 01:00

    Matching Log Events

    When the number of log events that contain the configured keywords reaches the specified value, an alarm is triggered.

    Four comparison operators are supported: greater than (>), greater than or equal to (>=), less than (<), and less than or equal to (<=).

    Number of log events: 1–2,147,483,647

    > 10

    Triggers

    Configure a condition that will trigger the alarm.

    Specify the number of statistical periods and the number of times the condition must be met to trigger the alarm. The number of queries must be greater than or equal to the number of times the condition must be met.

    Number of queries: 1–10

    4, 2

    Restores

    Configure a policy for sending an alarm clearance notification.

    If alarm clearance notification is enabled and the trigger condition has not been met for the specified number of statistical periods, an alarm clearance notification is sent.

    Number of last queries: 3–10

    3

    Notify

    Specify whether to send a notification when the alarm is cleared. By default, this option is disabled.

    If this option is enabled, a notification will be sent when the policy is met.

    -

    Enabled

    Alarm Severity

    Possible values are critical (default), major, minor, and info.

    -

    Critical

    Send Notifications

    Possible values are No (default) and Yes.

    -

    No

    SMN Topic

    If you select Yes for Send Notifications, select a Simple Message Notification (SMN) topic, time zone, language, and message template. You can select multiple topics.

    This parameter is required when Send Notifications is set to Yes.

    -

  5. Click OK. The keyword alarm rule is created.

    You can also choose Log Management in the navigation pane, and select a log stream. On the Raw Logs tab page displayed, click in the upper right corner, and click Alarms Rules to create an alarm rule.

Modifying an Alarm Rule

  1. Click Modify in the Operation column of the row that contains the target alarm rule, and modify the parameters by referring to Table 1. Rule Name and Statistics cannot be modified.
  2. Click OK.

Deleting an Alarm Rule

  1. Click Delete in the Operation column of the row that contains the target alarm rule.

    Figure 1 Deleting an Alarm Rule

  2. Click OK.
Parent topic: Alarm Rules