更新告警规则
功能介绍
Update alert rule
调用方法
请参见如何调用API。
URI
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id}
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
project_id |
是 |
String |
项目 ID。Project ID. 最小长度:32 最大长度:36 |
workspace_id |
是 |
String |
工作空间 ID。Workspace ID. 最小长度:32 最大长度:36 |
rule_id |
是 |
String |
告警规则 ID。Alert rule ID. 最小长度:36 最大长度:36 |
请求参数
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
X-Auth-Token |
是 |
String |
用户Token,通过调用IAM服务获取用户Token接口获取。 IAM user token, fetch from IAM api. 最小长度:1 最大长度:2097152 |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
rule_name |
否 |
String |
告警规则名称。Alert rule name. 最小长度:1 最大长度:255 |
description |
否 |
String |
描述。Description. 最小长度:0 最大长度:1024 |
query |
否 |
String |
查询语句。Query. 最小长度:1 最大长度:1024 |
query_type |
否 |
String |
查询语法,SQL。Query type. SQL. 缺省值:SQL 最小长度:1 最大长度:255 枚举值:
|
status |
否 |
String |
启用状态,启用、停用。Status, enabled, disabled. 缺省值:ENABLED 最小长度:1 最大长度:255 枚举值:
|
severity |
否 |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL 缺省值:TIPS 最小长度:1 最大长度:255 枚举值:
|
custom_properties |
否 |
Map<String,String> |
自定义扩展信息。Custom properties. |
alert_type |
否 |
Map<String,String> |
告警类型。Alert type. |
event_grouping |
否 |
Boolean |
告警分组。Event grouping. 缺省值:true |
suppression |
否 |
Boolean |
告警抑制。Suppression 缺省值:true |
simulation |
否 |
Boolean |
模拟告警。Simulation. 缺省值:true |
schedule |
否 |
Schedule object |
|
triggers |
否 |
Array of AlertRuleTrigger objects |
告警触发规则。Alert triggers. 数组长度:1 - 5 |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
frequency_interval |
是 |
Integer |
调度间隔。Frequency interval. 最小值:1 最大值:60 |
frequency_unit |
是 |
String |
调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY. 最小长度:1 最大长度:255 枚举值:
|
period_interval |
是 |
Integer |
时间窗口间隔。Period interval. 最小值:1 最大值:60 |
period_unit |
是 |
String |
时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY. 最小长度:1 最大长度:255 枚举值:
|
delay_interval |
否 |
Integer |
延迟间隔。Delay interval 最小值:0 最大值:10 缺省值:0 |
overtime_interval |
否 |
Integer |
超时间隔。Overtime interval 最小值:0 最大值:10 缺省值:10 |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
mode |
否 |
String |
模式,数量。Mode. COUNT. 缺省值:COUNT 最小长度:1 最大长度:255 枚举值:
|
operator |
否 |
String |
操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than. 缺省值:GT 最小长度:1 最大长度:255 枚举值:
|
expression |
是 |
String |
expression 最小长度:1 最大长度:255 |
severity |
否 |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL 最小长度:1 最大长度:255 枚举值:
|
accumulated_times |
否 |
Integer |
accumulated_times 最小值:1 最大值:1000 缺省值:1 |
响应参数
状态码: 200
参数 |
参数类型 |
描述 |
---|---|---|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
参数 |
参数类型 |
描述 |
---|---|---|
rule_id |
String |
告警规则 ID。Alert rule ID. 最小长度:36 最大长度:36 |
pipe_id |
String |
数据管道 ID。Pipe ID. 最小长度:36 最大长度:36 |
pipe_name |
String |
数据管道名称。Pipe name. 最小长度:5 最大长度:63 |
create_by |
String |
创建人。Create by. 最小长度:1 最大长度:255 |
create_time |
Long |
创建时间。Create time. 最小值:0 最大值:9223372036854775807 |
update_by |
String |
更新人。Update by. 最小长度:1 最大长度:255 |
update_time |
Long |
更新时间。Update time. 最小值:0 最大值:9223372036854775807 |
delete_time |
Long |
删除时间。Delete time. 最小值:0 最大值:9223372036854775807 |
rule_name |
String |
告警规则名称。Alert rule name. 最小长度:1 最大长度:255 |
query |
String |
查询语句。Query. 最小长度:1 最大长度:1024 |
query_type |
String |
查询语法,SQL。Query type. SQL. 缺省值:SQL 最小长度:1 最大长度:255 枚举值:
|
status |
String |
启用状态,启用、停用。Status, enabled, disabled. 缺省值:ENABLED 最小长度:1 最大长度:255 枚举值:
|
severity |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL 缺省值:TIPS 最小长度:1 最大长度:255 枚举值:
|
custom_properties |
Map<String,String> |
自定义扩展信息。Custom properties. |
event_grouping |
Boolean |
告警分组。Event grouping. 缺省值:true |
schedule |
Schedule object |
|
triggers |
Array of AlertRuleTrigger objects |
告警触发规则。Alert triggers. 数组长度:1 - 5 |
参数 |
参数类型 |
描述 |
---|---|---|
frequency_interval |
Integer |
调度间隔。Frequency interval. 最小值:1 最大值:60 |
frequency_unit |
String |
调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY. 最小长度:1 最大长度:255 枚举值:
|
period_interval |
Integer |
时间窗口间隔。Period interval. 最小值:1 最大值:60 |
period_unit |
String |
时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY. 最小长度:1 最大长度:255 枚举值:
|
delay_interval |
Integer |
延迟间隔。Delay interval 最小值:0 最大值:10 缺省值:0 |
overtime_interval |
Integer |
超时间隔。Overtime interval 最小值:0 最大值:10 缺省值:10 |
参数 |
参数类型 |
描述 |
---|---|---|
mode |
String |
模式,数量。Mode. COUNT. 缺省值:COUNT 最小长度:1 最大长度:255 枚举值:
|
operator |
String |
操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than. 缺省值:GT 最小长度:1 最大长度:255 枚举值:
|
expression |
String |
expression 最小长度:1 最大长度:255 |
severity |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL 最小长度:1 最大长度:255 枚举值:
|
accumulated_times |
Integer |
accumulated_times 最小值:1 最大值:1000 缺省值:1 |
状态码: 400
参数 |
参数类型 |
描述 |
---|---|---|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
请求示例
更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。
{ "rule_name" : "Alert rule", "query" : "* | select status, count(*) as count group by status", "query_type" : "SQL", "status" : "ENABLED", "severity" : "TIPS", "custom_properties" : { "references" : "https://localhost/references", "maintainer" : "isap" }, "event_grouping" : true, "schedule" : { "frequency_interval" : 5, "frequency_unit" : "MINUTE", "period_interval" : 5, "period_unit" : "MINUTE", "delay_interval" : 2, "overtime_interval" : 10 }, "triggers" : [ { "mode" : "COUNT", "operator" : "GT", "expression" : 10, "severity" : "TIPS" } ] }
响应示例
状态码: 200
请求成功
{ "rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950", "pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889", "create_by" : "582dd19dd99d4505a1d7929dc943b169", "create_time" : 1665221214, "update_by" : "582dd19dd99d4505a1d7929dc943b169", "update_time" : 1665221214, "delete_time" : 0, "rule_name" : "Alert rule", "query" : "* | select status, count(*) as count group by status", "query_type" : "SQL", "status" : "ENABLED", "severity" : "TIPS", "custom_properties" : { "references" : "https://localhost/references", "maintainer" : "isap" }, "event_grouping" : true, "schedule" : { "frequency_interval" : 5, "frequency_unit" : "MINUTE", "period_interval" : 5, "period_unit" : "MINUTE", "delay_interval" : 2, "overtime_interval" : 10 }, "triggers" : [ { "mode" : "COUNT", "operator" : "GT", "expression" : 10, "severity" : "TIPS" } ] }
SDK代码示例
SDK代码示例如下。
更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion; import com.huaweicloud.sdk.secmaster.v2.*; import com.huaweicloud.sdk.secmaster.v2.model.*; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.util.HashMap; public class UpdateAlertRuleSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); SecMasterClient client = SecMasterClient.newBuilder() .withCredential(auth) .withRegion(SecMasterRegion.valueOf("<YOUR REGION>")) .build(); UpdateAlertRuleRequest request = new UpdateAlertRuleRequest(); UpdateAlertRuleRequestBody body = new UpdateAlertRuleRequestBody(); List<AlertRuleTrigger> listbodyTriggers = new ArrayList<>(); listbodyTriggers.add( new AlertRuleTrigger() .withMode(AlertRuleTrigger.ModeEnum.fromValue("COUNT")) .withOperator(AlertRuleTrigger.OperatorEnum.fromValue("GT")) .withExpression("10") .withSeverity(AlertRuleTrigger.SeverityEnum.fromValue("TIPS")) ); Schedule schedulebody = new Schedule(); schedulebody.withFrequencyInterval(5) .withFrequencyUnit(Schedule.FrequencyUnitEnum.fromValue("MINUTE")) .withPeriodInterval(5) .withPeriodUnit(Schedule.PeriodUnitEnum.fromValue("MINUTE")) .withDelayInterval(2) .withOvertimeInterval(10); Map<String, String> listbodyCustomProperties = new HashMap<>(); listbodyCustomProperties.put("references", "https://localhost/references"); listbodyCustomProperties.put("maintainer", "isap"); body.withTriggers(listbodyTriggers); body.withSchedule(schedulebody); body.withEventGrouping(true); body.withCustomProperties(listbodyCustomProperties); body.withSeverity(UpdateAlertRuleRequestBody.SeverityEnum.fromValue("TIPS")); body.withStatus(UpdateAlertRuleRequestBody.StatusEnum.fromValue("ENABLED")); body.withQueryType(UpdateAlertRuleRequestBody.QueryTypeEnum.fromValue("SQL")); body.withQuery("* | select status, count(*) as count group by status"); body.withRuleName("Alert rule"); request.withBody(body); try { UpdateAlertRuleResponse response = client.updateAlertRule(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdksecmaster.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] credentials = BasicCredentials(ak, sk) client = SecMasterClient.new_builder() \ .with_credentials(credentials) \ .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \ .build() try: request = UpdateAlertRuleRequest() listTriggersbody = [ AlertRuleTrigger( mode="COUNT", operator="GT", expression="10", severity="TIPS" ) ] schedulebody = Schedule( frequency_interval=5, frequency_unit="MINUTE", period_interval=5, period_unit="MINUTE", delay_interval=2, overtime_interval=10 ) listCustomPropertiesbody = { "references": "https://localhost/references", "maintainer": "isap" } request.body = UpdateAlertRuleRequestBody( triggers=listTriggersbody, schedule=schedulebody, event_grouping=True, custom_properties=listCustomPropertiesbody, severity="TIPS", status="ENABLED", query_type="SQL", query="* | select status, count(*) as count group by status", rule_name="Alert rule" ) response = client.update_alert_rule(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := secmaster.NewSecMasterClient( secmaster.SecMasterClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.UpdateAlertRuleRequest{} modeTriggers:= model.GetAlertRuleTriggerModeEnum().COUNT operatorTriggers:= model.GetAlertRuleTriggerOperatorEnum().GT severityTriggers:= model.GetAlertRuleTriggerSeverityEnum().TIPS var listTriggersbody = []model.AlertRuleTrigger{ { Mode: &modeTriggers, Operator: &operatorTriggers, Expression: "10", Severity: &severityTriggers, }, } delayIntervalSchedule:= int32(2) overtimeIntervalSchedule:= int32(10) schedulebody := &model.Schedule{ FrequencyInterval: int32(5), FrequencyUnit: model.GetScheduleFrequencyUnitEnum().MINUTE, PeriodInterval: int32(5), PeriodUnit: model.GetSchedulePeriodUnitEnum().MINUTE, DelayInterval: &delayIntervalSchedule, OvertimeInterval: &overtimeIntervalSchedule, } var listCustomPropertiesbody = map[string]string{ "references": "https://localhost/references", "maintainer": "isap", } eventGroupingUpdateAlertRuleRequestBody:= true severityUpdateAlertRuleRequestBody:= model.GetUpdateAlertRuleRequestBodySeverityEnum().TIPS statusUpdateAlertRuleRequestBody:= model.GetUpdateAlertRuleRequestBodyStatusEnum().ENABLED queryTypeUpdateAlertRuleRequestBody:= model.GetUpdateAlertRuleRequestBodyQueryTypeEnum().SQL queryUpdateAlertRuleRequestBody:= "* | select status, count(*) as count group by status" ruleNameUpdateAlertRuleRequestBody:= "Alert rule" request.Body = &model.UpdateAlertRuleRequestBody{ Triggers: &listTriggersbody, Schedule: schedulebody, EventGrouping: &eventGroupingUpdateAlertRuleRequestBody, CustomProperties: listCustomPropertiesbody, Severity: &severityUpdateAlertRuleRequestBody, Status: &statusUpdateAlertRuleRequestBody, QueryType: &queryTypeUpdateAlertRuleRequestBody, Query: &queryUpdateAlertRuleRequestBody, RuleName: &ruleNameUpdateAlertRuleRequestBody, } response, err := client.UpdateAlertRule(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。
状态码
状态码 |
描述 |
---|---|
200 |
请求成功 |
400 |
请求失败 |
错误码
请参见错误码。