Overview: The detection results of intelligent anomaly analysis are sent to the notification channels that users configure through the SLS alarm function. In intelligent inspection scenarios, a single task often inspects a large number of entities, which involves many per-entity rules. The new SLS alarm function can better manage inspection events.

Basic structure of inspection events

Here, we first take a brief look at the basic logic of inspection tasks:

A single inspection job contains N entities, each of which corresponds to an inspection model. When an abnormal event is generated, users are notified through the alarm system. Therefore, you need to be able to distribute and manage the results in different ways.

Let’s take a look at the basic structure of inspection events. The built-in template is as follows:

    ${results[0].project} + LogStore: ${results[0].store}
    ## Entity: ${labels}
    ## ${annotations.anomaly_score}
    ## [image](${annotations.__plot_image__})
    [[data details](${query_url})] [[job details](${alert_url})] [[confirm](${annotations.__ensure_url__})] [[false positive](${annotations.__mismatch_url__})]

Here is a sample alarm message. The scenarios below are described in terms of its fields.

    {
      "results": [
        {
          "store_type": "log",
          "region": "cn-chengdu",
          "project": "sls-ml-demo",
          "store": "machine_metric_logtail",
          "start_time": 1641361140,
          "end_time": 1641361200
        }
      ],
      "labels": {
        "ip": "192.168.1.5",
        "name": "load_avg"
      },
      "annotations": {
        "__ensure_url__": "$url_path",
        "__mismatch_url__": "$url_path",
        "__plot_image__": "$url_path",
        "alert_msg_type": "ml_anomaly_msg",
        "anomaly_score": "0.8000",
        "anomaly_type_id": "1",
        "anomaly_type_name": "STAB_TYPE",
        "job_id": "29030-2bbf5beba0110fa869339708a8217b67",
        "model_id": "9c0f0d5ad4879eb75237e2ec8494f5f1",
        "title": "metric-logtail-sql"
      },
      "severity": 8,
      "drill_down_url": "$url_path"
    }

Typical Scenario Configuration

Scenario 1

Target: Filter anomalies for specific entities

Steps

  • Find the Action Policy ID of the inspection task in the user's actual configuration. The specific path is as follows:

  • In the action policy, add the corresponding conditions

  • Based on the alarm fields shown above, we assume that only alarm messages whose [labels] contain the field [ip] with the value [192.168.1.5] are sent to the specific [DingTalk robot]

Scenario 2

Target: Filter anomalies by a particular score

Steps

  • Find the specific Action Policy ID and add a condition.

  • Send alarms whose [anomaly score] exceeds [0.9] to a specific channel

  • [Annotation] name: anomaly_score

  • Regular expression: ^((1\.0*)|(0\.9[0-9]*))$

Scenario 3

Target: Filter anomalies by a particular score for a particular entity

Steps

  • Find the specific Action Policy ID and add a condition.

  • Send alarms whose anomaly score exceeds [0.9] for a [specific entity] to a specific channel

  • The [annotation] name is set to anomaly_score, with the regular expression ^((1\.0*)|(0\.9[0-9]*))$

  • The label name is set to ip and the corresponding entity value is 192.168.1.5

Scenario 4

Target: Filter anomalies of a specific anomaly type

Steps

  • Find the specific Action Policy ID and add a condition.
  • Configure the [specific anomaly pattern]
  • Configure the [annotation] anomaly_type_id and match on the corresponding value. For details, see [Exception Type Description](help.aliyun.com/document\_d…).
  • Here, only anomalies with anomaly_type_id = 7 are accepted

Scenario 5

Target: Distribute alarms based on inspection events and root cause events

Steps

  • Find the specific Action Policy ID and add a condition.
  • Configure the intelligent alarm event type.
  • Configure alert_msg_type. The corresponding value is ml_anomaly_msg (this field indicates intelligent inspection alarms).
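
The conditions from Scenarios 1 to 5, evaluated locally against constructed alarm payloads so you can check which alarms each condition set selects before routing them to a channel. This is an added example, not code from the original article or from SLS; the helper names, the AND combination of conditions, and the `placeholder_other_type` value are assumptions made for illustration.

```python
import re

# Regular expression from Scenarios 2 and 3. It matches the score as a string:
# "0.9..." or "1.0...", so a score of exactly 0.9000 is also selected.
SCORE_RE = re.compile(r"^((1\.0*)|(0\.9[0-9]*))$")

def alert(ip, score, type_id, msg_type="ml_anomaly_msg"):
    """Build a constructed alarm holding only the fields the scenarios filter on."""
    return {"labels": {"ip": ip, "name": "load_avg"},
            "annotations": {"anomaly_score": score, "anomaly_type_id": type_id,
                            "alert_msg_type": msg_type}}

# Constructed sample data; the first entry mirrors the sample message on this page.
ALERTS = [
    alert("192.168.1.5", "0.8000", "1"),
    alert("192.168.1.5", "0.9500", "7"),
    alert("192.168.1.6", "1.0000", "7"),
    # Hypothetical non-inspection message type (value not given on the page).
    alert("192.168.1.6", "0.0950", "1", msg_type="placeholder_other_type"),
]

def matches(a, labels=None, annotations=None, regexes=None):
    """True when every condition holds (assumed ANDed, as Scenario 3 combines them)."""
    if any(a["labels"].get(k) != v for k, v in (labels or {}).items()):
        return False
    if any(a["annotations"].get(k) != v for k, v in (annotations or {}).items()):
        return False
    return all(rx.match(a["annotations"].get(k, "")) for k, rx in (regexes or {}).items())

# Condition sets, one per scenario on this page.
SCENARIOS = {
    1: dict(labels={"ip": "192.168.1.5"}),
    2: dict(regexes={"anomaly_score": SCORE_RE}),
    3: dict(labels={"ip": "192.168.1.5"}, regexes={"anomaly_score": SCORE_RE}),
    4: dict(annotations={"anomaly_type_id": "7"}),
    5: dict(annotations={"alert_msg_type": "ml_anomaly_msg"}),
}

def selected(scenario):
    """Return the indexes of the constructed alarms that a scenario's conditions select."""
    return [i for i, a in enumerate(ALERTS) if matches(a, **SCENARIOS[scenario])]

if __name__ == "__main__":
    for n in SCENARIOS:
        print(f"Scenario {n}: alarms {selected(n)}")
```

Because the score condition is a string match, a value such as "0.0950" is rejected by the anchored pattern, while "0.9000" passes even though the scenario text says "exceeds 0.9".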

This article is the original content of Aliyun and shall not be reproduced without permission.