更新告警规则
功能介绍
Update alert rule
调用方法
请参见如何调用API。
URI
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id}
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
project_id |
是 |
String |
项目 ID。Project ID. |
|
workspace_id |
是 |
String |
工作空间 ID。Workspace ID. |
|
rule_id |
是 |
String |
告警规则 ID。Alert rule ID. |
请求参数
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
X-Auth-Token |
是 |
String |
用户Token,通过调用IAM服务获取用户Token接口获取。 IAM user token, fetch from IAM api. |
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
rule_name |
否 |
String |
告警规则名称。Alert rule name. |
|
description |
否 |
String |
描述。Description. |
|
query |
否 |
String |
查询语句。Query. |
|
query_type |
否 |
String |
查询语法,SQL。Query type. SQL. |
|
status |
否 |
String |
启用状态,启用、停用。Status, enabled, disabled. |
|
severity |
否 |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL |
|
custom_properties |
否 |
Map<String,String> |
自定义扩展信息。Custom properties. |
|
alert_type |
否 |
Map<String,String> |
告警类型。Alert type. |
|
event_grouping |
否 |
Boolean |
告警分组。Event grouping. |
|
suppression |
否 |
Boolean |
告警抑制。Suppression |
|
simulation |
否 |
Boolean |
模拟告警。Simulation. |
|
schedule |
否 |
Schedule object |
调度规则。Schedule Rule. |
|
triggers |
否 |
Array of AlertRuleTrigger objects |
告警触发规则。Alert triggers. |
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
frequency_interval |
是 |
Integer |
调度间隔。Frequency interval. |
|
frequency_unit |
是 |
String |
调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY. |
|
period_interval |
是 |
Integer |
时间窗口间隔。Period interval. |
|
period_unit |
是 |
String |
时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY. |
|
delay_interval |
否 |
Integer |
延迟间隔。Delay interval |
|
overtime_interval |
否 |
Integer |
超时间隔。Overtime interval |
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
mode |
否 |
String |
模式,数量。Mode. COUNT. |
|
operator |
否 |
String |
操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than. |
|
expression |
是 |
String |
expression |
|
severity |
否 |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL |
|
accumulated_times |
否 |
Integer |
accumulated_times |
响应参数
状态码: 200
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
rule_id |
String |
告警规则 ID。Alert rule ID. |
|
pipe_id |
String |
数据管道 ID。Pipe ID. |
|
pipe_name |
String |
数据管道名称。Pipe name. |
|
create_by |
String |
创建人。Create by. |
|
create_time |
Long |
创建时间。Create time. |
|
update_by |
String |
更新人。Update by. |
|
update_time |
Long |
更新时间。Update time. |
|
delete_time |
Long |
删除时间。Delete time. |
|
rule_name |
String |
告警规则名称。Alert rule name. |
|
query |
String |
查询语句。Query. |
|
query_type |
String |
查询语法,SQL。Query type. SQL. |
|
status |
String |
启用状态,启用、停用。Status, enabled, disabled. |
|
severity |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL |
|
custom_properties |
Map<String,String> |
自定义扩展信息。Custom properties. |
|
event_grouping |
Boolean |
告警分组。Event grouping. |
|
schedule |
Schedule object |
调度规则。Schedule Rule. |
|
triggers |
Array of AlertRuleTrigger objects |
告警触发规则。Alert triggers. |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
frequency_interval |
Integer |
调度间隔。Frequency interval. |
|
frequency_unit |
String |
调度间隔单位,分钟、小时、天。Frequency unit. MINUTE, HOUR, DAY. |
|
period_interval |
Integer |
时间窗口间隔。Period interval. |
|
period_unit |
String |
时间窗口单位,分钟、小时、天。Period unit. MINUTE, HOUR, DAY. |
|
delay_interval |
Integer |
延迟间隔。Delay interval |
|
overtime_interval |
Integer |
超时间隔。Overtime interval |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
mode |
String |
模式,数量。Mode. COUNT. |
|
operator |
String |
操作符,等于、不等于、大于、小于。 operator. EQ equal, NE not equal, GT greater than, LT less than. |
|
expression |
String |
expression |
|
severity |
String |
严重程度,提示、低危、中危、高危、致命。Severity. TIPS, LOW, MEDIUM, HIGH, FATAL |
|
accumulated_times |
Integer |
accumulated_times |
状态码: 400
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
X-request-id |
String |
This field is the request ID number for task tracking. Format is request_uuid-timestamp-hostname. |
请求示例
更新一条告警规则,告警规则名称为Alert rule,查询类型为SQL,状态为启用,严重程度为提示。
{
"rule_name" : "Alert rule",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"status" : "ENABLED",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
}
响应示例
状态码: 200
请求成功
{
"rule_id" : "443a0117-1aa4-4595-ad4a-796fad4d4950",
"pipe_id" : "772fb35b-83bc-46c9-a0b1-ebe31070a889",
"create_by" : "582dd19dd99d4505a1d7929dc943b169",
"create_time" : 1665221214,
"update_by" : "582dd19dd99d4505a1d7929dc943b169",
"update_time" : 1665221214,
"delete_time" : 0,
"rule_name" : "Alert rule",
"query" : "* | select status, count(*) as count group by status",
"query_type" : "SQL",
"status" : "ENABLED",
"severity" : "TIPS",
"custom_properties" : {
"references" : "https://localhost/references",
"maintainer" : "isap"
},
"event_grouping" : true,
"schedule" : {
"frequency_interval" : 5,
"frequency_unit" : "MINUTE",
"period_interval" : 5,
"period_unit" : "MINUTE",
"delay_interval" : 2,
"overtime_interval" : 10
},
"triggers" : [ {
"mode" : "COUNT",
"operator" : "GT",
"expression" : 10,
"severity" : "TIPS"
} ]
}
状态码
|
状态码 |
描述 |
|---|---|
|
200 |
请求成功 |
|
400 |
请求失败 |
错误码
请参见错误码。
