Detailed log:{{.QueryLog[0][0]}}
Detailed log:{"content":{"body_bytes_sent":"33352","http_referer":"-","http_user_agent":"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36","remote_addr":"201.80.83.199","remote_user":"-","request_method":"GET","request_uri":"/content/themes/test-com/images/header_about.jpg","status":"404","time_local":"01/Nov/2018:01:16:31"},"fileName":"/root/testLog/nginx.log","pkg_id":"285A243662909DE3-70A","source":"172.17.0.2","time":1653831150008,"topicId":"a54de372-ffe0-49ae-a12e-c340bb2b03f2"}
Variable | Configuration | Sample Variable Value | Description |
{{.UIN}} | Account ID | 100007xxx827 | - |
{{.Nickname}} | Account nickname | xx company | - |
{{.Region}} | Region | Guangzhou | - |
{{.Alarm}} | Alarm policy name | Too many NGINX error logs | - |
{{.AlarmID}} | Alarm policy ID | notice-3abd7ad6-15b7-4168-xxxx-52e5b961a561 | - |
{{.ExecuteQuery}} | Executed Statement | ["status:>=400 | select count(*) as errorLogCount","status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) desc"] | It is an array. {{.ExecuteQuery[0]}} indicates the detailed log of the first query statement, {{.ExecuteQuery[1]}} the second, and so on. |
{{.Condition}} | Trigger Condition | $1.errorLogCount > 1 | - |
{{.HappenThreshold}} | Number of times the trigger condition needs to be constantly met before an alarm is triggered | 1 | - |
{{.AlertThreshold}} | Alarm interval | 15 | Unit: Minute |
{{.Topic}} | Log topic name | nginxLog | - |
{{.TopicId}} | Log topic ID | a54de372-ffe0-49ae-xxxx-c340bb2b03f2 | - |
{{.StartTime}} | Time when the alarm is triggered for the first time | 2022-05-28 18:56:37 | Time zone: Asia/Shanghai |
{{.StartTimeUnix}} | Timestamp when the alarm is triggered for the first time | 1653735397099 | UNIX timestamp in milliseconds |
{{.NotifyTime}} | Time of this alarm notification | 2022-05-28 19:41:37 | Time zone: Asia/Shanghai |
{{.NotifyTimeUnix}} | Timestamp of this alarm notification | 1653738097099 | UNIX timestamp in milliseconds |
{{.NotifyType}} | Alarm notification type | 1 | Valid values: `1` (alarmed), `2` (resolved) |
{{.ConsecutiveAlertNums}} | Number of consecutive alarms | 2 | - |
{{.Duration}} | Alarm duration | 0 | Unit: Minute |
{{.TriggerParams}} | Alarm trigger parameter | $1.errorLogCount=5; | - |
{{.ConditionGroup}} | Group information when the alarm is triggered | {"$1.AppName":"userManageService"} | This is valid only when triggering by group is enabled in the alarm policy. |
{{.DetailUrl}} | URL of the alarm details page | https://alarm.cls.tencentcs.com/MDv2xxJh | No login is required. |
{{.QueryUrl}} | URL of the search and analysis statement in the first query statement | https://alarm.cls.tencentcs.com/T0pkxxMA | - |
{{.Message}} | Notification content | - | It indicates the **notification content** entered in the alarm policy. |
{{.QueryResult}} | Execution result of the query statement | - | |
{{.QueryLog}} | Detailed log matching the search condition of the query statement | - | |
{{.AnalysisResult}} | Multi-dimensional analysis result | This variable is valid only when an alarm is triggered and becomes invalid when the alarm is cleared. |
{{.QueryResult[0]}}
indicates the execution result of the first query statement, {{.QueryResult[1]}}
the second, and so on.The first query statement: status:>=400 | select count(*) as errorLogCountThe second query statement: status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) desc
[[{"errorLogCount": 7}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
{{.QueryLog[0]}}
indicates the detailed log of the first query statement, {{.QueryLog[1]}}
the second, and so on. Up to last ten detailed logs can be contained in each query statement.[[{"content": {"__TAG__": {"pod": "nginxPod","cluster": "testCluster"},"body_bytes_sent": "32847","http_referer": "-","http_user_agent": "Opera/9.80 (Windows NT 6.1; U; en-US) Presto/2.7.62 Version/11.01","remote_addr": "105.86.148.186","remote_user": "-","request_method": "GET","request_uri": "/apple-touch-icon-144x144.png","status": "404","time_local": "01/Nov/2018:00:55:14"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-5CD","source": "172.17.0.2","time": 1653739000013,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}, {"content": {"__TAG__": {"pod": "nginxPod","cluster": "testCluster"},"body_bytes_sent": "33496","http_referer": "-","http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36","remote_addr": "222.18.168.242","remote_user": "-","request_method": "GET","request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html","status": "404","time_local": "01/Nov/2018:00:54:37"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-5C8","source": "172.17.0.2","time": 1653738975008,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}]]
key
being the multi-dimensional analysis name and the value
being the multi-dimensional analysis result. This variable is valid only when an alarm is triggered (that is, {{.NotifyType}}=1) and becomes invalid when the alarm is cleared (that is, {{.NotifyType}}=2).Name: Top URLType: Top 5 field values by occurrence and their percentagesField: request_uriName: Error log URL distributionType: Custom search and analysisAnalysis statement: status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) descName: Detailed error logType: Custom search and analysisAnalysis statement: status:>=400
{"Top URL": [{"count": 77,"ratio": 0.45294117647058824,"value": "/"}, {"count": 20,"ratio": 0.11764705882352941,"value": "/favicon.ico"}, {"count": 7,"ratio": 0.041176470588235294,"value": "/blog/feed"}, {"count": 5,"ratio": 0.029411764705882353,"value": "/test-tile-service"}, {"count": 3,"ratio": 0.01764705882352941,"value": "/android-chrome-192x192.png"}],"Detailed error log": [{"content": {"__TAG__": {"pod": "nginxPod","cluster": "testCluster"},"body_bytes_sent": "32847","http_referer": "-","http_user_agent": "Opera/9.80 (Windows NT 6.1; U; en-US) Presto/2.7.62 Version/11.01","remote_addr": "105.86.148.186","remote_user": "-","request_method": "GET","request_uri": "/apple-touch-icon-144x144.png","status": "404","time_local": "01/Nov/2018:00:55:14"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-5CD","source": "172.17.0.2","time": 1653739000013,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}, {"content": {"__TAG__": {"pod": "nginxPod","cluster": "testCluster"},"body_bytes_sent": "33496","http_referer": "-","http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36","remote_addr": "222.18.168.242","remote_user": "-","request_method": "GET","request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html","status": "404","time_local": "01/Nov/2018:00:54:37"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-5C8","source": "172.17.0.2","time": 1653738975008,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}],"Error log URL distribution": [{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]}
{{ }}
, and text outside {{ }}
won't be processed.{{.variable[x]}} or {{index .variable x}}{{.variable.childNodeName}} or {{index .variable "childNodeName"}}
{{.variable[x]}}
(equivalent to {{index .variable x}}
) is used to extract array elements by subscript. Here, x
is an integer greater than or equal to 0.{{.variable.childNodeKey}}
(equivalent to {{index .variable "childNodeName"}}
) is used to extract sub-object values (value
) by sub-object name (key
).{{index .variable "childNodeName"}}
, such as {{index .AnalysisResult "Top URL"}}
.{{.QueryResult}}
variable values are:[[{"errorLogCount": 7 // Extract the value}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
errorLogCount
value of the first array through the following expression:{{.QueryResult[0][0].errorLogCount}}
7
{{range .variable}}Custom content{{.childNode1}}custom content{{.childNode2}}...{{end}}
{{range $key,$value := .variable}}Custom content{{$key}}custom content{{$value}}...{{end}}
{{.QueryResult}}
variable values are:[[{"errorLogCount": 7}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
errorLogCount
value of each request_uri
in the second array through the following expression:{{range .QueryResult[1]}}* {{.request_uri}} error log quantity: {{.errorLogCount}}{{end}}
* /apple-touch-icon-144x144.png error log quantity: 3* /feed error log quantity: 3* /opt/node_apps/test-v5/app/themes/basic/public/static/404.html error log quantity: 1
{{if boolen}}xxx{{end}}
{{if boolen}}xxx{{else}}xxx{{end}}
{{if boolen}}xxx{{else if boolen}}xxx{{end}}
eq arg1 arg2: When arg1 == arg2, the value is `true`.ne arg1 arg2: When arg1 != arg2, the value is `true`.lt arg1 arg2: When arg1 < arg2, the value is `true`.le arg1 arg2: When arg1 <= arg2, the value is `true`.gt arg1 arg2: When arg1 > arg2, the value is `true`.ge arg1 arg2: When arg1 >= arg2, the value is `true`.
{{.QueryResult}}
variable values are:[[{"errorLogCount": 7}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
request_uri
that is ≥ 2 and ≤ 100 and its errorLogCount
value in the second array through the following expression:{{range .QueryResult[1]}}{{if and (ge .errorLogCount 2) (le .errorLogCount 100)}}* {{.request_uri}} error log quantity: {{.errorLogCount}}{{end}}{{end}}
* /apple-touch-icon-144x144.png error log quantity: 3* /feed error log quantity: 3
if
to check whether the field value exists. If the field value is an empty string or does not exist, it is equivalent to false
. For example:{{if .QueryLog[0][0].apple}}apple exist, value is : {{.QueryLog[0][0].apple}}{{else}}apple is not exist{{end}}
{{- xxx}} or {{xxx -}}
-
at the beginning or end in {{ }}
to remove blank areas.{{- range .QueryResult[1]}}{{- if and (ge .errorLogCount 2) (le .errorLogCount 100)}}* {{.request_uri}} error log quantity: {{.errorLogCount}}{{- end}}{{- end}}
* /apple-touch-icon-144x144.png error log quantity: 3* /feed error log quantity: 3
{{escape .variable}}
{{.ExecuteQuery[0]}}
variable value is status:>=400 | select count(*) as "error log quantity"
.
If escaping is not used, the request content in the custom webhook configuration will be:{"Query":"{{.ExecuteQuery[0]}}"}
{"Query":"status:>=400 | select count(*) as "error log quantity""}
{"Query":"{{escape .ExecuteQuery[0]}}"}
{"Query":"status:>=400 | select count(*) as \\"error log quantity\\""}
{{substr .variable start}} or {{substr .variable start length}}
{{.QueryLog[0][0].fileName}}
variable value is:/root/testLog/nginx.log
{{substr .QueryLog[0][0].fileName 6 7 }}
testLog
{{extract .variable "startstring" ["endstring"]}}
{{.QueryLog[0][0].fileName}}
variable value is:/root/testLog/nginx.log
/root/
and /nginx
through the following expression:{{extract .QueryLog[0][0].fileName "/root/" "/nginx"}}
testLog
{{containstr .variable "searchstring"}}
{{.QueryLog[0][0].fileName}}
variable value is:/root/testLog/nginx.log
/root/
and /nginx
through the following expression:{{if containstr .QueryLog[0][0].fileName "test"}}Test log{{else}}Non-test log{{end}}
Test log
{{fromUnixTime .variable}} or {{fromUnixTime .variable "timezone"}}
{{.QueryLog[0][0].time}}
variable value is:1653893435008
{{fromUnixTime .QueryLog[0][0].time}}{{fromUnixTime .QueryLog[0][0].time "Asia/Shanghai"}}{{fromUnixTime .QueryLog[0][0].time "Asia/Tokyo"}}
2022-05-30 14:50:35.008 +0800 CST2022-05-30 14:50:35.008 +0800 CST2022-05-30 15:50:35.008 +0900 JST
{{concat .variable1 .variable2 ...}}
{{concat .Region .Alarm}}
Guangzhou alarmTest
{{base64_encode .variable}}{{base64_decode .variable}}{{base64url_encode .variable}}{{base64url_decode .variable}}{{url_encode .variable}}{{url_decode .variable}}
{{base64_encode "test"}}{{base64_decode "dGVzdOa1i+ivlQ=="}}{{base64url_encode "test"}}{{base64url_decode "dGVzdOa1i-ivlQ=="}}{{url_encode "https://console.tencentcloud.com:80/cls?region=ap-chongqing"}}{{url_decode "https%3A%2F%2Fconsole.cloud.tencent.com%3A80%2Fcls%3Fregion%3Dap-chongqing"}}
dGVzdOa1i+ivlQ==testdGVzdOa1i-ivlQ==testhttps%3A%2F%2Fconsole.cloud.tencent.com%3A80%2Fcls%3Fregion%3Dap-chongqinghttps://console.tencentcloud.com:80/cls?region=ap-chongqing
{{md5 .variable}}{{md5 .variable | base64_encode}}{{md5 .variable | base64url_encode}}{{sha1 .variable}}{{sha1 .variable | base64_encode}}{{sha1 .variable | base64url_encode}}{{sha256 .variable}}{{sha256 .variable | base64_encode}}{{sha256 .variable | base64url_encode}}{{sha512 .variable}}{{sha512 .variable | base64_encode}}{{sha512 .variable | base64url_encode}}
{{md5 "test"}}{{md5 "test" | base64_encode}}{{md5 "test" | base64url_encode}}{{sha1 "test"}}{{sha1 "test" | base64_encode}}{{sha1 "test" | base64url_encode}}{{sha256 "test"}}{{sha256 "test" | base64_encode}}{{sha256 "test" | base64url_encode}}{{sha512 "test"}}{{sha512 "test" | base64_encode}}{{sha512 "test" | base64url_encode}}
098F6BCD4621D373CADE4E832627B4F6CY9rzUYh03PK3k6DJie09g==CY9rzUYh03PK3k6DJie09g==A94A8FE5CCB19BA61C4C0873D391E987982FBBD3qUqP5cyxm6YcTAhz05Hph5gvu9M=qUqP5cyxm6YcTAhz05Hph5gvu9M=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg=EE26B0DD4AF7E749AA1A8EE3C10AE9923F618980772E473F8819A5D4940E0DB27AC185F8A0E1D5F84F88BC887FD67B143732C304CC5FA9AD8E6F57F50028A8FF7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc_iBml1JQODbJ6wYX4oOHV-E-IvIh_1nsUNzLDBMxfqa2Ob1f1ACio_w==
{{hmac_md5 .variable "Secretkey"}}{{hmac_md5 .variable "Secretkey" | base64_encode}}{{hmac_md5 .variable "Secretkey" | base64url_encode}}{{hmac_sha1 .variable "Secretkey"}}{{hmac_sha1 .variable "Secretkey" | base64_encode}}{{hmac_sha1 .variable "Secretkey" | base64url_encode}}{{hmac_sha256 .variable "Secretkey"}}{{hmac_sha256 .variable "Secretkey" | base64_encode}}{{hmac_sha256 .variable "Secretkey" | base64url_encode}}{{hmac_sha512 .variable "Secretkey"}}{{hmac_sha512 .variable "Secretkey" | base64_encode}}{{hmac_sha512 .variable "Secretkey" | base64url_encode}}
Secretkey
is the key in the HMAC encryption algorithm and can be modified as needed.{{hmac_md5 "test" "Secretkey"}}{{hmac_md5 "test" "Secretkey" | base64_encode}}{{hmac_md5 "test" "Secretkey" | base64url_encode}}{{hmac_sha1 "test" "Secretkey"}}{{hmac_sha1 "test" "Secretkey" | base64_encode}}{{hmac_sha1 "test" "Secretkey" | base64url_encode}}{{hmac_sha256 "test" "Secretkey"}}{{hmac_sha256 "test" "Secretkey" | base64_encode}}{{hmac_sha256 "test" "Secretkey" | base64url_encode}}{{hmac_sha512 "test" "Secretkey"}}{{hmac_sha512 "test" "Secretkey" | base64_encode}}{{hmac_sha512 "test" "Secretkey" | base64url_encode}}
E7B946D930658699AA668601E33E87CE57lG2TBlhpmqZoYB4z6Hzg==57lG2TBlhpmqZoYB4z6Hzg==2AB64F124D932F5033EAC7AF392AC5CC4D52F503KrZPEk2TL1Az6sevOSrFzE1S9QM=KrZPEk2TL1Az6sevOSrFzE1S9QM=FC49EBC05209B1359773D87C216BA85BCE0163FDE459EA37AB603EC9D8445D23/EnrwFIJsTWXc9h8IWuoW84BY/3kWeo3q2A+ydhEXSM=_EnrwFIJsTWXc9h8IWuoW84BY_3kWeo3q2A-ydhEXSM=D18DF3D943F74769A8B66E43D7EF03639BB6B8B8A2EBC9976170DC58EEE58BE98478F3183E4B5AA3481DE12026AAE3843F8213B39D639EAC6EE93734EA667BC50Y3z2UP3R2motm5D1+8DY5u2uLii68mXYXDcWO7li+mEePMYPktao0gd4SAmquOEP4ITs51jnqxu6Tc06mZ7xQ==0Y3z2UP3R2motm5D1-8DY5u2uLii68mXYXDcWO7li-mEePMYPktao0gd4SAmquOEP4ITs51jnqxu6Tc06mZ7xQ==
key:value
. There is a key in each row, and CLS preset fields and metadata fields are not included.{{range $key,$value := .QueryLog[0][0].content}}{{if not (containstr $key "__TAG__")}}{{- $key}}:{{$value}}{{- end}}{{- end}}
.QueryLog[0][0]
indicates the last detailed log that meets the search condition of the first query statement in the alarm policy. Its value is:{"content": {"__TAG__": {"a": "b12fgfe","c": "fgerhcdhgj"},"body_bytes_sent": "33704","http_referer": "-","http_user_agent": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36","remote_addr": "247.0.249.191","remote_user": "-","request_method": "GET","request_uri": "/products/hadoop)","status": "404","time_local": "01/Nov/2018:07:54:08"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-210B","source": "172.17.0.2","time": 1653908859008,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}
remote_addr:247.0.249.191time_local:01/Nov/2018:07:54:08http_user_agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36remote_user:-http_referer:-body_bytes_sent:33704request_method:GETrequest_uri:/products/hadoop)status:404
status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) desc
.
The trigger condition is $1.errorLogCount > 10
.{{range .QueryResult[0]}}{{- if gt .errorLogCount 10}}{{.request_uri}} error log quantity: {{.errorLogCount}}{{- end}}{{- end}}
.QueryResult[0]
indicates the execution result of the first query statement in the alarm policy. Its value is:[{"errorLogCount": 161,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 86,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}, {"errorLogCount": 33,"request_uri": "/feed"}, {"errorLogCount": 26,"request_uri": "/wp-login.php"}, {"errorLogCount": 10,"request_uri": "/safari-pinned-tab.svg"}, {"errorLogCount": 7,"request_uri": "/mstile-144x144.png"}, {"errorLogCount": 4,"request_uri": "/atom.xml"}, {"errorLogCount": 3,"request_uri": "/content/plugins/prettify-gc-syntax-highlighter/launch.js?ver=3.5.2?ver=3.5.2"}]
/apple-touch-icon-144x144.png error log quantity: 161/opt/node_apps/elastic-v5/app/themes/basic/public/static/404.html error log quantity: 86/feed error log quantity: 33/wp-login.php error log quantity: 26
문제 해결에 도움이 되었나요?