Alert Rule Subscription Feature Description
In enterprise-level monitoring scenarios, the following division of responsibilities often exists:
● Business Application Teams: Responsible for alert management at the business level.
● Infrastructure Teams: Responsible for managing alerts for underlying resources and infrastructure components.
Use Case
When business teams need a comprehensive understanding of application operation status, they often need to be aware of:
● Alerts related to the business application itself.
● The status of the infrastructure that the application depends on.
To facilitate cross-team sharing of alert information, the platform provides an alert rule subscription feature. Through this feature, business teams can subscribe to the alert rules related to their applications and achieve unified analysis.
Field Description
Note: An alert event is only subscribed to if it meets all conditions configured in the rule, so each configuration is an AND condition.
● Data Source Type: The data source type of the alert event to be subscribed to.
● Subscribe Alert Rules: You can select alert rules from the specified business group for subscription.
● Alert Severity: You can subscribe to only alerts of a specific severity level.
● Subscribe Event Labels: Similar to the label filtering in the suppression rules, only events that match the configured labels will go through the subscription logic.
Matching Operator Description:
“==” : Exact match for the label value.
Subscribing to alert rules where the label rulename is “Test server mounting multiple business group alerts.”
“=~” : Match the label value using regular expressions.
Subscribing to alert rules where the label ident contains flashcat or v63-192.168.0.2.
“!=” : Exact mismatch for the label value (negation).
Subscribing to alert rules where the label ident is not pushgw-flashcat02-192.168.0.2.
“!~” : Mismatch the label value using regular expressions (negation).
Subscribing to alert rules where the label ident does not contain the keyword flashcat.
● Subscribe Business Groups: Filter and match business groups using operators.
“in” : Subscribe to alerts from multiple business groups.
“not in” : Subscribe to alerts from multiple business groups (negation).
● Subscribe Event Duration: As shown in the figure, the subscription logic does not trigger on the first alert. The subscription logic will trigger only when the duration between the subsequent event and the first event exceeds 3600 seconds. The event duration configuration can be used as a fallback strategy or escalation strategy for alert notifications.
● Alert Severity, Notification Medium, Callback Address: For the filtered alert events, we can modify the original alert severity, notification medium, and callback address when sending.
● Subscribe Receiving Group: The alert events that are subscribed to can be sent to specific teams.
● Notification Aggregation (Pro Version Feature): After configuration, alert notifications will wait for a certain period to aggregate before being sent, reducing disturbances to the receiver.
Finally, Flashcat business group users will receive alerts for subscribing to MySQL business alerts.
Using Alert Additional Tags as Subscription Filter Criteria
When configuring system metric alert rules, additional tags can be used to differentiate alert types. For example, the following alert rule for MySQL adds the app=flashcat tag.
When subscribing to alert rules, using the alert tag for subscription ensures that only alerts with the app=flashcat tag are subscribed.
title: “订阅告警” description: “夜莺(Nightingale)订阅告警” keywords: [“Nightingale”] titleImage: “/images/docs/介绍背板.png” weight: 7716
告警规则订阅功能说明
在企业级监控场景中,通常存在以下分工模式:
● 业务应用团队: 负责业务层面的告警管理
● 基础设施团队: 负责底层资源和基础组件的告警管理
使用场景
当业务团队需要全面了解应用运行状态时,往往需要同时掌握:
● 业务应用本身的告警信息
● 应用所依赖的基础设施状态
为了便于跨团队告警信息共享,平台提供了告警规则订阅功能。通过该功能,业务团队可以订阅其应用相关的基础设施告警规则,实现统一分析。
字段介绍
注意:告警事件在满足规则中配置的所有条件之后,才会被订阅,所以每项配置是且的关系。
● 数据源类型:想要订阅的告警事件的数据源类型;
● 订阅告警规则:可以选择指定业务组中的告警规则进行订阅;
● 告警事件等级:可以只订阅某个等级的告警事件;
● 订阅事件标签:和屏蔽规则中的标签筛选类似,与配置的标签匹配的事件,才会走订阅逻辑;
匹配操作符介绍:
“==":绝对匹配标签的value
订阅匹配标签 rulename 的值是“测试服务器挂载多个业务组告警”的告警规则。
“=~":通过正则表达式匹配标签value
订阅正则表达式匹配标签 ident 的值是包含 flashcat 或者是 v63-192.168.0.2 的告警规则;
“!=":绝对不匹标签的value(取反)
订阅匹配标签 ident 的值不是 pushgw-flashcat02-192.168.0.2 的告警规则。
“!~":通过正则表达式不匹配标签 value (取反)
订阅正则表达式匹配 ident 的值是不包含 flashcat 关键词的告警规则;
● 订阅业务组:通过运算符过滤匹配业务组;
“in” 订阅多个业务组告警;
“not in” 订阅多个业务组(取反);
● 订阅事件持续时长:如上图所示,订阅告警时间第一次不会触发订阅逻辑,当后一次订阅事件时间与第一次订阅事件的时间差大于3600秒才会触发订阅逻辑;订阅事件时长配置可以作为告警事件通知兜底策略或者升级策略使用。
● 告警级别、通知媒介、回调地址:对于筛选到的告警事件,在发送的时候,我们可以修改原来的告警级别、通知媒介和回调地址
● 订阅接收组:订阅的告警事件,重新发给哪些团队
● 通知聚合(专业版功能):配置之后,告警通知会等待一段时间聚合之后,一起发送,减少对接收方的打扰
最后就可以实现 Flashcat 业务组用户收到订阅 MySQL 业务的告警。
告警附加标签作为订阅过滤条件使用场景
在配置系统指标告警规则的时候,通过告警附加标签区分告警类别,如下图对 MySQL 某一条告警规则进行app=flashcat附加标签
