Creating an Alarm Conversion Rule
Scenarios
You can use an alarm conversion rule to configure incident and alarm rules based on service requirements. You can use an alarm conversion rule to convert raw alarms into aggregated alarms or incidents.
Prerequisites
Before configuring an alarm conversion rule, ensure that the monitoring system for which the forwarding rule you want to configure has been connected to Data Sources.
Constraints and Limitations
- After an incident is generated based on an alarm conversion rule, if the incident meets another alarm conversion rule before it is completed or closed, the new incident will no longer be generated. This rule is enabled by default and can be disabled.
- If you receive no raw alarms within the corresponding time window for generating aggregated alarms using alarm conversion rules, the system considers the alarms generated in the previous window period as historical alarms (that is, the current alarm status is set to Handled by default).
Creating an Alarm Conversion Rule
- Log in to COC.
- In the navigation tree on the left, choose Fault Management > Alarm Conversion Rules.
- Click Add Rule in the upper right corner.
If the information in the two alarm conversion rules is similar, click Copy in the Operation column of the forwarding rule you want to copy to quickly create a forwarding rule.
- Set the basic information.
Table 1 Basic information parameters Parameter
Description
Rule
Specify the name of the alarm conversion rule you want to create.
Region
(Optional) Select a region from the drop-down list.
If no region is selected, default is displayed, indicating that no region is required.
Enterprise Project
Select an enterprise project from the drop-down list.
Application
Select an application from the drop-down list.
- Set a trigger rule.
Table 2 Parameters for configuring a trigger rule Parameter
Description
Trigger Type
The options are Incident and Alarm.
- Incident: An incident ticket is generated. The on-duty personnel need to handle the incident as soon as possible and continuously track the incident until it is closed.
- Alarm: Alarms are generated and are manually or automatically based on contingency plans.
Data Source
Select a data source.
A data source is the system where raw alarms are from.
Before configuring alarm rules, ensure that alarm data has been integrated and enabled. When all conditions of a rule are met, the alarm conversion rule is triggered. For details about how to set data sources, see Creating an Alarm Conversion Rule.
Triggering Conditions
Select the key, comparison method, and value for the trigger criteria.
A maximum of five trigger criteria can be added. For details about how to set the keys, see Table 3.
Trigger Criteria
Select a trigger rule.
Incident Level
This parameter is required only when Trigger Type is set to Incident. The options are P1, P2, P3, P4, and P5.
P1 incidents are the most critical, while P5 incidents are the least severe.
Silence Rule
This parameter is required only when Trigger Type is set to Incident. Enable or disable this rule as required.
After an incident is generated based on the alarm conversion rule, a new incident will be generated if the trigger criteria are met before the incident is completed or closed.
Alarm Severity
This parameter is required only when Trigger Type is set to Alarm. The value can be Critical, Major, Minor, or Warning.
Table 3 Key parameters for the trigger criteria Key Parameter
Description
Alarm Field from Cloud Eye
Alarm Field from AOM
alarmId
Alarm ID
alarm_id
id
alarmName
Alarm name
alarm_name
event_name in the metadata
alarmLevel
Alarm severity. The options are Critical, Major, Minor, and Warning.
AlarmLevel
event_severity
time
Time when an alarm is generated
time
starts_at
nameSpace
Service namespace
namespace
namespace
region
Region
Region in template_variable
/
application
Application name
/
/
resourceName
Resource name
ResourceName in template_variable
resource_id in the metadata
resourceId
Resource ID
ResourceId in template_variable
/
alarmDesc
Alarm description
AlarmDesc in template_variable
/
URL
Raw alarm URL
Link in template_variable
/
alarmStatus
Alarm status. The value can be alarm (active alarm) or ok (alarm handled).
alarm_status
/
alarmSource
Alarm source name. For example, if an alarm is reported from Cloud Eye, the value of this field is CES.
/
/
additional
Additional alarm information. Format: additional.xxx.
Except the preceding parameters, other parameters are contained in this parameter and are represented by additional.xxx. For more information about fields on Cloud Eye, click here.
Except the preceding parameters, other parameters are contained in this parameter and are represented by additional.xxx. For more information about fields on AOM, click here.
- Set the contingency plan.
Table 4 Contingency plan parameters Parameter
Description
Task Type
The options are Contingency plan, Script, and Job.
Automatic Execution
Determine whether to automatically execute what you have selected. Automatic contingency plans, scripts, and jobs can be automatically executed.
- If you select Automatic Execution, Parameter Mapping will be displayed. The system automatically executes tasks based on the trigger criteria and settings.
The parameter value, region ID, and target instance must be in the format of ${}. You need to use this expression to parse the corresponding value. For details, see Example of Automatic Parameter Execution.
- If you deselect Automatic execution, you can click the link on the left to manually execute the task.
- If you select Automatic Execution, Parameter Mapping will be displayed. The system automatically executes tasks based on the trigger criteria and settings.
- Set Assignment Details.
Table 5 Parameters for configuring a ticket dispatch rule Parameter
Description
Owner
Select Shift or Individual.- Shift: Select a scenario and role from the drop-down lists based on the configured values. For details about how to configure a shift, see Shift Schedule Management.
- Individual: Select an owner. For details about how to configure an owner, see O&M Engineer Management.
- Click OK.
The alarm conversion rule is created.
Example of Automatic Parameter Execution
The parameter value, region ID, and target instance are in the format of ${}. You need to use this expression to parse the corresponding value.
Example:
Alarm information:
{
"alarmId": "al1696664837170EWbvx24kW",
"alarmName": "alarm-4z39coctest1007",
......
"URL": "https://console.***.com/ces/?region=***#/alarms/detail?alarmId=al16849986549022X5Vp4pxr",
"additional": {
"dimension": "instance_id:29d99a09-2d15-4ced-8723-6e94ae1c1472",
......
},
......
}
- To obtain the value of alarmId in the current alarm information, use the following expression:
${currentAlarm.alarmId}
- To obtain the UUID of instance_id from the additional.dimension string, use the following expression:
${string.substring(currentAlarm.additional.dimension, string.indexOf(currentAlarm.additional.dimension, 'instance_id:') + 12)}
Alternatively, use the following content:
${string.substring(currentAlarm.additional.dimension, 12)}
- To obtain the region ID of cn-north-7 from the URL string, use the following expression:
${string.substring(currentAlarm.URL, string.indexOf(currentAlarm.URL, 'region=') + 7, string.indexOf(currentAlarm.URL, '#/alarms'))}
In the expression, currentAlarm. is a fixed prefix, which indicates that the data is obtained from the current alarm data.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot