Configuring SQL Alarm Rules

Prerequisites

• You have structured logs using the new edition of log structuring.
• You have created charts for log streams.

Creating an Alarm Rule

1. Log in to the LTS console, and choose Alarms in the navigation pane on the left.
2. Click the Alarm Rules tab.
3. Click Create. The Create Alarm Rule right panel is displayed.
4. Configure an alarm rule.

   Table 1 Parameters for setting a SQL alarm condition

   Category	Parameter	Description
   Basic Info	Rule Name	Name of the alarm rule. A name can contain 1 to 64 characters, including only letters, digits, hyphens (-), and underscores (_). It cannot start or end with a hyphen or underscore. NOTE: After an alarm is created, the rule name can be modified. After the modification, move the cursor over the rule name. The new and original rule names are displayed. The original rule name created for the first time cannot be changed.
   	Description	Rule description. Enter up to 64 characters.
   Statistical analysis	Statistics	By SQL: applicable to the scenarios where alarm rules are configured based on the old SQL engine.
   	Charts	You can add a chart in two ways. Click Configure from Scratch and set the following parameters: Log Group Name: (Required) Select a log group. Log Stream Name: (Required) Select a log stream. NOTE: If the logs in the log stream have not been structured, configure log structuring first. Query Time Range: (Optional) Set this parameter to 1 to 60 minutes or 1 to 24 hours. Query Statement: Required. Click . On the displayed Custom page, select a log group and stream, select a chart, and click OK. If there are no charts available or the charts do not fit your needs, click Create Chart. Configure the chart parameters, click OK, and click Save and Back in the upper right corner to return to the Create Alarm Rule right panel. You can see that the chart you just created has been selected, and the query statement has been filled in. Specify the query time range (1 to 60 minutes or 1 to 24 hours). When the query frequency is set to every 1 to 4 minutes, the query time range can only be set to a value no larger than 1 hour. You can continue to add more charts by clicking . NOTE: Click to go to the visualization page of the log stream. Click to delete an added chart. Click Preview to view the data after visualized analysis. You must click Preview; otherwise, the alarm rule cannot be saved. Up to three charts can be added. The chart and the query statement are required.
   	Check Rule	Enter a specific conditional expression. When the expression execution result is true, an alarm is generated. NOTE: Condition expressions support Chinese characters. Condition expressions cannot contain only digits or start with a digit. Basic syntax and syntax across multiple charts are supported. Basic syntax Basic arithmetic operators: addition (+), subtraction (–), multiplication (*), division (/), and modulo (%). Example: x * 10 + y > 100 Comparison operators: greater than (>), greater than or equal to (>=), less than (<), less than or equal to (<=), equal to (==), and not equal to (!=). Example: x >= 100. Logical operators: && (and) and || (or). Example: x > 0 && y < 200 Logical negation (!). Example: !(x < 1 && x > 100) Numeric constants: They are processed as 64-bit floating point numbers. Example: x > 10 String constants. Example: str =="string" Boolean constants: true and false. Example: (x < 100)!=true Parentheses: Parentheses are used to change the order of operations. Example: x *(y + 10) < 200 contains function: It is used to check whether a string contains a substring. For example, if you run contains(str, "hello") and true is returned, the string contains the hello substring. Syntax across multiple charts Basic arithmetic operators: addition (+), subtraction (–), multiplication (*), division (/), and modulo (%). Comparison operators: greater than (>), greater than or equal to (>=), less than (<), less than or equal to (<=), equal to (==), and not equal to (!=). Logical operators: && (and) and || (or). Logical negation (!) contains function Parentheses () NOTE: Specify the number of queries and the number of times the condition must be met to trigger the alarm. The number of queries must be greater than or equal to the number of times the condition must be met. The alarm severity can be critical (default), major, minor, or info. Number of queries: 1–10
   Advanced Settings	Query Frequency	The options for this parameter are: Hourly: The query is performed at the top of each hour. Daily: The query is run at a specific time every day. Weekly: The query is run at a specific time on a specific day every week. Custom interval: You can specify the interval from 1 minute to 60 minutes or from 1 hour to 24 hours. For example, if the current time is 9:00 and the Custom interval is set to 5 minutes, the first query is at 9:00, the second query is at 9:05, the third query is at 9:10, and so on. NOTE: When the query time range is set to a value larger than 1 hour, the query frequency must be set to every 5 minutes or a lower frequency. CRON: CRON expressions support schedules down to the minute and use 24-hour format. Examples: 0/10 * * * *: The query starts from 00:00 and is performed every 10 minutes at 00:00, 00:10, 00:20, 00:30, 00:40, 00:50, 01:00, and so on. For example, if the current time is 16:37, the next query is at 16:50. 0 0/5 * * *: The query starts from 00:00 and is performed every 5 hours at 00:00, 05:00, 10:00, 15:00, 20:00, and so on. For example, if the current time is 16:37, the next query is at 20:00. 0 14 * * *: The query is performed at 14:00 every day. 0 0 10 * *: The query is performed at 00:00 on the 10th day of every month.
   Advanced Settings	Restores	Configure a policy for sending an alarm clearance notification. If alarm clearance notification is enabled and the trigger condition has not been met for the specified number of statistical periods, an alarm clearance notification is sent. Last statistical periods: 1–10
   Advanced Settings	Notify When	Alarm triggered: Specify whether to send a notification when an alarm is triggered. If this option is enabled, an alarm notification will be sent when the trigger condition is met. Alarm cleared: Specify whether to send a notification when an alarm is cleared. If this option is enabled, a notification will be sent when the policy is met.
   Advanced Settings	Frequency	You can select Once, Every 5 minutes, Every 10 minutes, Every 15 minutes, Every 30 minutes, Every hour, Every 3 hours, or Every 6 hours to send alarms. Once indicates that a notification is sent once an alarm is generated. Every 10 minutes indicates that the minimum interval between two notifications is 10 minutes, preventing alarm storms.
   Advanced Settings	Alarm Action Rules	Select a created alarm action rule from the drop-down list. If no alarm action rule is available, click Create Alarm Action Rule on the right. For details, see Creating an Alarm Action Rule.
   Advanced Settings	Language	Specify the language (Chinese (simplified) or English) in which alarms are sent.

5. Click OK.

Follow-up Operations on Alarm Rules

• You can perform the following operations on a single alarm rule.

  Modifying an alarm rule: Click in the Operation column of the row that contains the target alarm rule and modify parameters according to Table 1. You can modify the rule name. After the modification is complete, move the cursor over the rule name. The new and original rule names are displayed. The original rule name created for the first time cannot be changed.

  Enabling an alarm rule: Click in the Operation column of the row that contains the target alarm rule. (The enabling button is displayed only after the alarm rule is disabled.)

  Disabling an alarm rule: Click in the Operation column of the row that contains the target alarm rule. (The disabling button is displayed only after the alarm rule is enabled.)

  Temporarily disabling the alarm rule: Click in the Operation column of the row that contains the target alarm rule and set the end time for temporarily disabling the alarm rule.

  Copying an alarm rule: Click in the Operation column of the row that contains the target alarm rule.

  Deleting an alarm rule: Click in the Operation column of the row that contains the target alarm rule, and click OK.

• After selecting multiple alarm rules, you can perform the following operations on the alarms: Open, Close, Disable Temporarily, Re-Enable, Enable Clearance, Disable Clearance, Delete, and Export.