The syntax of alert rules expressions essentially involves operations between time series metric data. The logic seeks to find matching Labels (data tags) for metric values; metrics with different Labels cannot be operated on, so it is essential that the Labels remain consistent during operations.
Example:
In time series metric data, each time series is uniquely identified by a metric name (Metric Name) and data tags (Label), formatted as <metric name>{<label name>=<label value>, …}.
When configuring alerts, there are two crucial configurations in the auxiliary settings: value fields and label fields.
Value Field: Specifies a column of the query results as the result of the query condition, understood as the metric name (Metric Name).
Label Field: Specifies which columns of the query results are used as label names and label values for the value field, i.e., the labels (Label).
Transforming the data format based on the above images:
| Variable | Variable Value Field (Metric Name) | Variable Value Label Field (Label) | Transformed Time Series Data Format |
|---|---|---|---|
| A | $A.price | $A.product_name | A.price{product_name= |
If an additional B query condition is added in the alert configuration statistics, and A and B query conditions need to be computed together, then the data tags for both A and B query conditions must be consistent for the operation to proceed. If not, the operation cannot occur. The following images show that the data tags for B are inconsistent with those for A; thus, they cannot be computed together. By renaming fields to unify the data tags, the operations between $A and $B can be achieved.
Arithmetic Operators
| Operation | Description | Example |
|---|---|---|
| + | Addition | $A + $B |
| - | Subtraction | $A - $B |
| * | Multiplication | $A * $B |
| / | Division | $A / $B |
| () | Priority | ($A - $B) * $C |
Comparison Operators
| Operation | Description | Example |
|---|---|---|
| == | Checks if two values are equal; returns True if equal, otherwise returns False. | $A == $B $A == 0 |
| != | Checks if two values are not equal; returns True if not equal, otherwise returns False. | $A != $B $A.count != 0 |
| > | Checks if the left value is greater than the right value; returns True if so, otherwise returns False. | $A > $B $A > 0 |
| < | Checks if the left value is less than the right value; returns True if so, otherwise returns False. | $A < $B $A < 0 |
| >= | Checks if the left value is greater than or equal to the right value; returns True if so, otherwise returns False. | $A >= $B $A > 0 |
| <= | Checks if the left value is less than or equal to the right value; returns True if so, otherwise returns False. | $A <= $B $A <= 0 |
Timestamp Operations
| Current Time Field | Description | Example |
|---|---|---|
| now().Unix() | Used to compare the timestamp of query data with the current time. Unix() time format supports only addition and subtraction operations. | $A.timestamp - now().Unix() |
Logical Operators
| Operation | Description | Example |
|---|---|---|
| && | Logical AND operator. Returns True if both operands are True; otherwise returns False. | $A > 0 && $B < 10 |
| Logical OR operator. Returns True if either operand is True; otherwise returns False. | $A + $B > 20 |
Element Value Comparison
| Operation | Description | Example |
|---|---|---|
| in | Checks if an element exists in an array; returns true or false. Returns True if the element exists, otherwise returns False. | expr:$A in [“admin”, “moderator”] data:map[string]interface{}{"$.A": “admin”} expected: true |
| not in | Checks if an element does not exist in an array; returns true or false. Returns True if the element does not exist, otherwise returns False. | expr:$A not in [1, 2, 3] data:map[string]interface{}{"$.A": 5} expected: true |
String Contains and Not Contains
| Operation | Description | Example |
|---|---|---|
| contains | Checks if an element exists in an array; returns true or false. Returns True if the element exists, otherwise returns False. | expr:$A contains $B data: map[string]interface{}{"$.A": “hello world”, “$.B”: “world”} expected: true |
| not contains | Checks if one string does not contain another string; returns true or false. Returns True if it does not contain, otherwise returns False. | expr: $.A contains $.B data:map[string]interface{}{"$.A": “hello world”, “$.B”: “go”} expected: false |
Regular Expression Matching
| Operation | Description | Example |
|---|---|---|
| matches | Checks if a string matches a given regular expression; returns true or false. Returns True if it matches, otherwise returns False. | expr:$A matches $B data:map[string]interface{}{"$.A": “123”, “$.B”: “^[0-9]+$”} expected: true |
Value Range Check
| Operation | Description | Example |
|---|---|---|
| between | Checks if a value is within a specified range; returns true or false. Returns True if within the range, otherwise returns False. | expr:between($.A, [100,200]) data: map[string]interface{}{"$.A": 155.0} expected: true |
| not between | Checks if a value is not within a specified range; returns true or false. Returns True if not within the range, otherwise returns False. | expr: not between($.A, [100.3,200.3]) data: map[string]interface{}{"$.A": 155.1} expected: false |
More reference documentation: MySQL Alert Expression Use Cases
