Help Center/ Log Tank Service/ More Documents/ User Guide(Paris Regions)/ Log Alarms/ Alarm Rules/ Configuring Keyword Alarms
Updated on 2023-11-14 GMT+08:00
View PDF
Share

Configuring Keyword Alarms

LTS allows you to collect statistics on log keywords and set alarm rules to monitor them. By checking the number of keyword occurrences in a specified period, you can have a real-time view of the service running. Currently, up to 200 keyword alarms can be created for each account.

Prerequisites

You have created log groups and log streams.

Creating an Alarm Rule

  1. Log in to the LTS console, and choose Alarms in the navigation pane on the left.
  2. Click the Alarm Rules tab.
  3. Click Create. The Create Alarm Rule right panel is displayed.
  4. Configure an alarm rule.

    Table 1 Alarm rule parameters

    Parameter

    Description

    Verification Rule

    Example Value

    Rule Name

    Name of the alarm rule.

    The name can contain 1 to 64 characters including only letters, digits, hyphens (-), underscores (_), and periods (.). It cannot start with a period or underscore or end with a period.

    LTS-Alarm

    Description

    Rule description.

    Enter up to 64 characters.

    -

    Statistics

    Select By keyword.

    -

    By keyword

    Log Group Name

    Select a log group.

    -

    -

    Log Stream Name

    Select a log stream.

    -

    -

    Keywords

    Enter keywords that you want LTS to monitor in logs.

    Exact and fuzzy matches are supported. A keyword is case-sensitive and contains up to 1024 characters.

    hostIP:192

    Query Time Range

    Time range for the keyword query, which is one period earlier than the current time. For example, if the Query Time Range is set to one hour and the current time is 9:00, the period of the keyword query is 8:00–9:00.

    • The value ranges from 1 to 60 in the unit of minutes.
    • The value ranges from 1 to 24 in the unit of hours.

    -

    1 h

    Query Frequency

    The options for this parameter are:

    • Hourly: The query is performed at the top of each hour.
    • Daily: The query is run at a specific time every day.
    • Weekly: The query is run at a specific time on a specific day every week.
    • Custom interval: You can specify the interval from 1 minute to 60 minutes or from 1 hour to 24 hours. For example, if the current time is 9:00 and the Custom interval is set to 5 minutes, the first query is at 9:00, the second query is at 9:05, the third query is at 9:10, and so on.
      NOTE:

      When the query time range is set to a value larger than 1 hour, the query frequency must be set to every 5 minutes or a lower frequency.

    • CRON: CRON expressions support schedules down to the minute and use 24-hour format. Examples:
      • 0/10 * * * *: The query starts from 00:00 and is performed every 10 minutes. That is, queries start at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50.
      • 0 0/5 * * *: The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00.
      • 0 14 * * *: The query is run at 14:00 every day.
      • 0 0 10 * *: The query is run at 00:00 on the 10th day of every month.

    -

    Daily 01:00

    Matching Log Events

    When the number of log events that contain the configured keywords reaches the specified value, an alarm is triggered.

    Four comparison operators are supported: greater than (>), greater than or equal to (>=), less than (<), and less than or equal to (<=).

    The minimum value is 1 and the maximum value is 2147483647.

    >10

    Triggers

    Configure a condition that will trigger the alarm.

    Specify the number of statistical periods and the number of times the condition must be met to trigger the alarm. The number of statistical periods must be greater than or equal to the number of times the condition must be met.

    Statistical periods: 1–10

    4, 2

    Alarm Severity

    Possible values are critical (default), major, minor, and info.

    -

    critical

    Send Notifications

    Possible values are No (default) and Yes.

    -

    No

    SMN Topic

    If you select Yes for Send Notifications, select a Simple Message Notification (SMN) topic. You can select multiple topics.

    If there are no topics that you desire, click Create Topic.

    If you want to change the time zone or language, click Modify and set the preferences in the account center.

    This parameter is required when Send Notifications is set to Yes.

    -

  5. Click OK. The keyword alarm rule is created.

    You can also choose Log Management in the navigation pane, and select a log stream. On the page displayed, click the Raw Logs tab and click in the upper right corner. On the Settings page displayed, click the Alarms Rules tab and Create to create an alarm rule.

    After an alarm rule is created, Status is enabled by default. When Status is enabled, an alarm will be triggered if the alarm rule is met. When Status is disabled, an alarm will not be triggered even if the alarm rule is met.

Modifying an Alarm Rule

  1. Click Modify in the Operation column of the row that contains the target alarm rule, and modify the parameters by referring to Table 1. Rule Name and Statistics cannot be modified.
  2. Click OK.

Deleting an Alarm Rule

  1. Click Delete in the Operation column of the row that contains the target alarm rule, and click OK.
Parent topic: Alarm Rules