Updated on 2023-11-29 GMT+08:00

Configuring Keyword Alarms

LTS allows you to collect statistics on log keywords and set alarm rules to monitor them. By checking the number of keyword occurrences in a specified period, you can have a real-time view of the service running. Currently, up to 200 keyword alarms can be created for each account.

Prerequisites

You have created log groups and log streams.

Creating an Alarm Rule

  1. Log in to the LTS console, and choose Alarms in the navigation pane on the left.
  2. Click the Alarm Rules tab.

    Figure 1 Alarm Rules tab

  3. Click Create. The Create Alarm Rule right panel is displayed.
  4. Configure an alarm rule.

    Table 1 Alarm rule parameters

    Parameter

    Description

    Verification Rule

    Example Value

    Rule Name

    Name of the alarm rule.

    The name can contain 1 to 64 characters including only letters, digits, hyphens (-), underscores (_), and periods (.). It cannot start with a period or underscore or end with a period.

    LTS-Alarm

    Description

    Rule description.

    Enter up to 64 characters.

    -

    Statistics

    Select By keyword.

    -

    By keyword

    Log Group Name

    Select a log group.

    -

    -

    Enterprise Project Name

    Select an enterprise project.

    This parameter is displayed only when the enterprise project function is enabled for the current account.

    -

    -

    Log Stream Name

    Select a log stream.

    -

    -

    Keywords

    Enter keywords that you want LTS to monitor in logs.

    Exact and fuzzy matches are supported. A keyword is case-sensitive and contains up to 1024 characters.

    hostIP:192

    Query Time Range

    Time range for the keyword query, which is one period earlier than the current time. For example, if the Query Time Range is set to one hour and the current time is 9:00, the period of the keyword query is 8:00–9:00.

    • The value ranges from 1 to 60 in the unit of minutes.
    • The value ranges from 1 to 24 in the unit of hours.

    -

    1 h

    Query Frequency

    The options for this parameter are:

    • Hourly: The query is performed at the top of each hour.
    • Daily: The query is run at a specific time every day.
    • Weekly: The query is run at a specific time on a specific day every week.
    • Custom interval: You can specify the interval from 1 minute to 60 minutes or from 1 hour to 24 hours. For example, if the current time is 9:00 and the Custom interval is set to 5 minutes, the first query is at 9:00, the second query is at 9:05, the third query is at 9:10, and so on.
      NOTE:

      When the query time range is set to a value larger than 1 hour, the query frequency must be set to every 5 minutes or a lower frequency.

    • CRON: CRON expressions support schedules down to the minute and use 24-hour format. Examples:
      • 0/10 * * * *: The query starts from 00:00 and is performed every 10 minutes. That is, queries start at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50.
      • 0 0/5 * * *: The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00.
      • 0 14 * * *: The query is run at 14:00 every day.
      • 0 0 10 * *: The query is run at 00:00 on the 10th day of every month.

    -

    Daily 01:00

    Matching Log Events

    When the number of log events that contain the configured keywords reaches the specified value, an alarm is triggered.

    Four comparison operators are supported: greater than (>), greater than or equal to (>=), less than (<), and less than or equal to (<=).

    The minimum value is 1 and the maximum value is 2147483647.

    >10

    Triggers

    Configure a condition that will trigger the alarm.

    Specify the number of statistical periods and the number of times the condition must be met to trigger the alarm. The number of statistical periods must be greater than or equal to the number of times the condition must be met.

    Statistical periods: 1–10

    4, 2

    Restores

    Configure a policy for sending an alarm clearance notification.

    If alarm clearance notification is enabled and the trigger condition has not been met for the specified number of statistical periods, an alarm clearance notification is sent.

    Last statistical periods: 3–10

    3

    Notify

    Specify whether to send a notification when the alarm is cleared. By default, this option is disabled.

    If this option is enabled, a notification will be sent when the policy is met.

    -

    Enabled

    Alarm Severity

    Possible values are critical (default), major, minor, and info.

    -

    critical

    Send Notifications

    Possible values are No (default) and Yes.

    -

    No

    SMN Topic

    If you select Yes for Send Notifications, select a Simple Message Notification (SMN) topic. You can select multiple topics.

    If there are no topics that you desire, click Create Topic.

    If you want to change the time zone or language, click Modify and set the preferences in the account center.

    This parameter is required when Send Notifications is set to Yes.

    -

    Figure 2 Creating an alarm rule

  5. Click OK. The keyword alarm rule is created.

    You can also choose Log Management in the navigation pane, and select a log stream. On the Raw Logs tab page displayed, click in the upper right corner, and click Alarms Rules to create an alarm rule.

    After an alarm rule is created, Status is enabled by default. When Status is enabled, an alarm will be triggered if the alarm rule is met. When Status is disabled, an alarm will not be triggered even if the alarm rule is met.

Modifying an Alarm Rule

  1. Click Modify in the Operation column of the row that contains the target alarm rule, and modify the parameters by referring to Table 1. Rule Name and Statistics cannot be modified.
  2. Click OK.

Deleting an Alarm Rule

  1. Click Delete in the Operation column of the row that contains the target alarm rule, and click OK.

    Figure 3 Deleting an Alarm Rule