Updated on 2025-08-08 GMT+08:00

Creating an Alarm Conversion Rule

Scenarios

You can use an alarm conversion rule to configure incident and alarm rules based on service requirements. You can use an alarm conversion rule to convert raw alarms into aggregated alarms or incidents.

Prerequisites

Before configuring an alarm conversion rule, ensure that the monitoring system for which the forwarding rule you want to configure has been connected to Data Sources.

Constraints and Limitations

  • After an incident is generated based on an alarm conversion rule, if the incident meets another alarm conversion rule before it is completed or closed, the new incident will no longer be generated. This rule is enabled by default and can be disabled.
  • If you receive no raw alarms within the corresponding time window for generating aggregated alarms using alarm conversion rules, the system considers the alarms generated in the previous window period as historical alarms (that is, the current alarm status is set to Handled by default).

Creating an Alarm Conversion Rule

  1. Log in to COC.
  2. In the navigation tree on the left, choose Fault Management > Alarm Conversion Rules.
  3. Click Add Rule in the upper right corner.

    If the information in the two alarm conversion rules is similar, click Copy in the Operation column of the forwarding rule you want to copy to quickly create a forwarding rule.

  4. Set the basic information.

    Table 1 Basic information parameters

    Parameter

    Description

    Rule

    Specify the name of the alarm conversion rule you want to create.

    Region

    (Optional) Select a region from the drop-down list.

    If no region is selected, default is displayed, indicating that no region is required.

    Enterprise Project

    Select an enterprise project from the drop-down list.

    Application

    Select an application from the drop-down list.

  5. Set a trigger rule.

    Table 2 Parameters for configuring a trigger rule

    Parameter

    Description

    Trigger Type

    The options are Incident and Alarm.

    • Incident: An incident ticket is generated. The on-duty personnel need to handle the incident as soon as possible and continuously track the incident until it is closed.
    • Alarm: Alarms are generated and are manually or automatically based on contingency plans.

    Data Source

    Select a data source.

    A data source is the system where raw alarms are from.

    Before configuring alarm rules, ensure that alarm data has been integrated and enabled. When all conditions of a rule are met, the alarm conversion rule is triggered. For details about how to set data sources, see Creating an Alarm Conversion Rule.

    Triggering Conditions

    Select the key, comparison method, and value for the trigger criteria.

    A maximum of five trigger criteria can be added. For details about how to set the keys, see Table 3.

    Trigger Criteria

    Select a trigger rule.

    Incident Level

    This parameter is required only when Trigger Type is set to Incident. The options are P1, P2, P3, P4, and P5.

    P1 incidents are the most critical, while P5 incidents are the least severe.

    Silence Rule

    This parameter is required only when Trigger Type is set to Incident. Enable or disable this rule as required.

    After an incident is generated based on the alarm conversion rule, a new incident will be generated if the trigger criteria are met before the incident is completed or closed.

    Alarm Severity

    This parameter is required only when Trigger Type is set to Alarm. The value can be Critical, Major, Minor, or Warning.

    Table 3 Key parameters for the trigger criteria

    Key Parameter

    Description

    Alarm Field from Cloud Eye

    Alarm Field from AOM

    alarmId

    Alarm ID

    alarm_id

    id

    alarmName

    Alarm name

    alarm_name

    event_name in the metadata

    alarmLevel

    Alarm severity. The options are Critical, Major, Minor, and Warning.

    AlarmLevel

    event_severity

    time

    Time when an alarm is generated

    time

    starts_at

    nameSpace

    Service namespace

    namespace

    namespace

    region

    Region

    Region in template_variable

    /

    application

    Application name

    /

    /

    resourceName

    Resource name

    ResourceName in template_variable

    resource_id in the metadata

    resourceId

    Resource ID

    ResourceId in template_variable

    /

    alarmDesc

    Alarm description

    AlarmDesc in template_variable

    /

    URL

    Raw alarm URL

    Link in template_variable

    /

    alarmStatus

    Alarm status. The value can be alarm (active alarm) or ok (alarm handled).

    alarm_status

    /

    alarmSource

    Alarm source name. For example, if an alarm is reported from Cloud Eye, the value of this field is CES.

    /

    /

    additional

    Additional alarm information. Format: additional.xxx.

    Except the preceding parameters, other parameters are contained in this parameter and are represented by additional.xxx. For more information about fields on Cloud Eye, click here.

    Except the preceding parameters, other parameters are contained in this parameter and are represented by additional.xxx. For more information about fields on AOM, click here.

  6. Set the contingency plan.

    Table 4 Contingency plan parameters

    Parameter

    Description

    Task Type

    The options are Contingency plan, Script, and Job.

    Automatic Execution

    Determine whether to automatically execute what you have selected. Automatic contingency plans, scripts, and jobs can be automatically executed.

    • If you select Automatic Execution, Parameter Mapping will be displayed. The system automatically executes tasks based on the trigger criteria and settings.

      The parameter value, region ID, and target instance must be in the format of ${}. You need to use this expression to parse the corresponding value. For details, see Example of Automatic Parameter Execution.

    • If you deselect Automatic execution, you can click the link on the left to manually execute the task.

  7. Set Assignment Details.

    Table 5 Parameters for configuring a ticket dispatch rule

    Parameter

    Description

    Owner

    Select Shift or Individual.
    • Shift: Select a scenario and role from the drop-down lists based on the configured values. For details about how to configure a shift, see Shift Schedule Management.
    • Individual: Select an owner. For details about how to configure an owner, see O&M Engineer Management.

  8. Click OK.

    The alarm conversion rule is created.

Example of Automatic Parameter Execution

The parameter value, region ID, and target instance are in the format of ${}. You need to use this expression to parse the corresponding value.

Example:

Alarm information:

{

"alarmId": "al1696664837170EWbvx24kW",

"alarmName": "alarm-4z39coctest1007",

......

"URL": "https://console.***.com/ces/?region=***#/alarms/detail?alarmId=al16849986549022X5Vp4pxr",

"additional": {

"dimension": "instance_id:29d99a09-2d15-4ced-8723-6e94ae1c1472",

......

},

......

}

  • To obtain the value of alarmId in the current alarm information, use the following expression:
    ${currentAlarm.alarmId}
  • To obtain the UUID of instance_id from the additional.dimension string, use the following expression:
    ${string.substring(currentAlarm.additional.dimension, string.indexOf(currentAlarm.additional.dimension, 'instance_id:') + 12)}

    Alternatively, use the following content:

    ${string.substring(currentAlarm.additional.dimension, 12)}
  • To obtain the region ID of cn-north-7 from the URL string, use the following expression:
    ${string.substring(currentAlarm.URL, string.indexOf(currentAlarm.URL, 'region=') + 7, string.indexOf(currentAlarm.URL, '#/alarms'))}

    In the expression, currentAlarm. is a fixed prefix, which indicates that the data is obtained from the current alarm data.