Configuring Keyword Alarms

Prerequisites

You have created log groups and log streams.

Creating an Alarm Rule

1. Log in to the LTS console, and choose Alarms in the navigation pane on the left.
2. Click the Alarm Rules tab.
   Figure 1 Alarm Rules tab
   

3. Click Create. The Create Alarm Rule right panel is displayed.
4. Configure an alarm rule.

   Table 1 Alarm rule parameters

   Parameter	Description	Verification Rule	Example Value
   Rule Name	Name of the alarm rule.	The name can contain 1 to 64 characters including only letters, digits, hyphens (-), underscores (_), and periods (.). It cannot start with a period or underscore or end with a period.	LTS-Alarm
   Description	Rule description.	Enter up to 64 characters.	-
   Statistics	Select By keyword.	-	By keyword
   Log Group Name	Select a log group.	-	-
   Enterprise Project Name	Select an enterprise project. This parameter is displayed only when the enterprise project function is enabled for the current account.	-	-
   Log Stream Name	Select a log stream.	-	-
   Keywords	Enter keywords that you want LTS to monitor in logs.	Exact and fuzzy matches are supported. A keyword is case-sensitive and contains up to 1024 characters.	hostIP:192
   Query Time Range	Time range for the keyword query, which is one period earlier than the current time. For example, if the Query Time Range is set to one hour and the current time is 9:00, the period of the keyword query is 8:00–9:00. The value ranges from 1 to 60 in the unit of minutes. The value ranges from 1 to 24 in the unit of hours.	-	1 h
   Query Frequency	The options for this parameter are: Hourly: The query is performed at the top of each hour. Daily: The query is run at a specific time every day. Weekly: The query is run at a specific time on a specific day every week. Custom interval: You can specify the interval from 1 minute to 60 minutes or from 1 hour to 24 hours. For example, if the current time is 9:00 and the Custom interval is set to 5 minutes, the first query is at 9:00, the second query is at 9:05, the third query is at 9:10, and so on. NOTE: When the query time range is set to a value larger than 1 hour, the query frequency must be set to every 5 minutes or a lower frequency. CRON: CRON expressions support schedules down to the minute and use 24-hour format. Examples: 0/10 * * * *: The query starts from 00:00 and is performed every 10 minutes. That is, queries start at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50. 0 0/5 * * *: The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00. 0 14 * * *: The query is run at 14:00 every day. 0 0 10 * *: The query is run at 00:00 on the 10th day of every month.	-	Daily 01:00
   Matching Log Events	When the number of log events that contain the configured keywords reaches the specified value, an alarm is triggered. Four comparison operators are supported: greater than (>), greater than or equal to (>=), less than (<), and less than or equal to (<=).	The minimum value is 1 and the maximum value is 2147483647.	>10
   Triggers	Configure a condition that will trigger the alarm. Specify the number of statistical periods and the number of times the condition must be met to trigger the alarm. The number of statistical periods must be greater than or equal to the number of times the condition must be met.	Statistical periods: 1–10	4, 2
   Restores	Configure a policy for sending an alarm clearance notification. If alarm clearance notification is enabled and the trigger condition has not been met for the specified number of statistical periods, an alarm clearance notification is sent.	Last statistical periods: 3–10	3
   Notify	Specify whether to send a notification when the alarm is cleared. By default, this option is disabled. If this option is enabled, a notification will be sent when the policy is met.	-	Enabled
   Alarm Severity	Possible values are critical (default), major, minor, and info.	-	critical
   Send Notifications	Possible values are No (default) and Yes.	-	No
   SMN Topic	If you select Yes for Send Notifications, select a Simple Message Notification (SMN) topic. You can select multiple topics. If there are no topics that you desire, click Create Topic. If you want to change the time zone or language, click Modify and set the preferences in the account center.	This parameter is required when Send Notifications is set to Yes.	-

   Figure 2 Creating an alarm rule
   

5. Click OK. The keyword alarm rule is created.

   You can also choose Log Management in the navigation pane, and select a log stream. On the Raw Logs tab page displayed, click in the upper right corner, and click Alarms Rules to create an alarm rule.

   

   After an alarm rule is created, Status is enabled by default. When Status is enabled, an alarm will be triggered if the alarm rule is met. When Status is disabled, an alarm will not be triggered even if the alarm rule is met.

Modifying an Alarm Rule

1. Click Modify in the Operation column of the row that contains the target alarm rule, and modify the parameters by referring to Table 1. Rule Name and Statistics cannot be modified.
2. Click OK.

Deleting an Alarm Rule

1. Click Delete in the Operation column of the row that contains the target alarm rule, and click OK.
   Figure 3 Deleting an Alarm Rule