详细日志:{{.QueryLog[0][0]}}
详细日志:{"content":{"body_bytes_sent":"33352","http_referer":"-","http_user_agent":"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36","remote_addr":"201.80.83.199","remote_user":"-","request_method":"GET","request_uri":"/content/themes/test-com/images/header_about.jpg","status":"404","time_local":"01/Nov/2018:01:16:31"},"fileName":"/root/testLog/nginx.log","pkg_id":"285A243662909DE3-70A","source":"172.17.0.2","time":1653831150008,"topicId":"a54de372-ffe0-49ae-a12e-c340bb2b03f2"}
变量 | 含义 | 变量值示例 | 说明 |
{{.UIN}} | 账号 ID | 100007xxx827 | - |
{{.Nickname}} | 账号昵称 | xx企业 | - |
{{.Region}} | 地域 | 广州 | - |
{{.Alarm}} | 告警策略名称 | Nginx 错误日志过多 | - |
{{.AlarmID}} | 告警策略 ID | notice-3abd7ad6-15b7-4168-xxxx-52e5b961a561 | - |
{{.ExecuteQuery}} | 执行语句 | ["status:>=400 | select count(*) as errorLogCount","status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) desc"] | 数组结构,{{.ExecuteQuery[0]}}代表第1个执行语句的详细日志,{{.ExecuteQuery[1]}}代表第2个执行语句的详细日志,以此类推 |
{{.Condition}} | 触发条件 | $1.errorLogCount > 1 | - |
{{.HappenThreshold}} | 告警所需的触发条件持续满足次数 | 1 | - |
{{.AlertThreshold}} | 告警间隔时间 | 15 | 单位:分钟 |
{{.Topic}} | 日志主题名称 | nginxLog | - |
{{.TopicId}} | 日志主题 ID | a54de372-ffe0-49ae-xxxx-c340bb2b03f2 | - |
{{.StartTime}} | 第一次告警触发时间 | 2022-05-28 18:56:37 | 时区:Asia/Shanghai |
{{.StartTimeUnix}} | 第一次告警触发时间戳 | 1653735397099 | 毫秒级 UNIX 时间戳 |
{{.NotifyTime}} | 本次告警通知时间 | 2022-05-28 19:41:37 | 时区:Asia/Shanghai |
{{.NotifyTimeUnix}} | 本次告警通知时间戳 | 1653738097099 | 毫秒级 UNIX 时间戳 |
{{.NotifyType}} | 告警通知类型 | 1 | 1代表告警通知,2代表恢复通知 |
{{.ConsecutiveAlertNums}} | 连续告警次数 | 2 | - |
{{.Duration}} | 告警持续时间 | 0 | 单位:分钟 |
{{.TriggerParams}} | 告警触发时参数 | $1.errorLogCount=5; | - |
{{.ConditionGroup}} | 告警分组触发时对应的分组信息 | {"$1.AppName":"userManageService"} | 告警策略启用分组触发功能时才具备该变量 |
{{.DetailUrl}} | 告警详情页面链接 | https://alarm.cls.tencentcs.com/MDv2xxJh | 无需登录账号 |
{{.QueryUrl}} | 第一个执行语句的检索分析链接 | https://alarm.cls.tencentcs.com/T0pkxxMA | - |
{{.Message}} | 通知内容 | - | 特指告警策略配置中填写的“通知内容” |
{{.QueryResult}} | 执行语句执行结果 | - | |
{{.QueryLog}} | 执行语句中检索条件匹配到的详细日志 | - | |
{{.AnalysisResult}} | 多维分析结果 | 仅告警触发时具备该变量,告警恢复时无该变量 |
{{.QueryResult[0]}}
代表第1个执行语句的执行结果,{{.QueryResult[1]}}
代表第2个执行语句的执行结果,以此类推。第1个执行语句:status:>=400 | select count(*) as errorLogCount第2个执行语句:status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) desc
[[{"errorLogCount": 7}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
{{.QueryLog[0]}}
代表第1个执行语句的详细日志,{{.QueryLog[1]}}
代表第2个执行语句的详细日志,以此类推。每个执行语句最多包含最近的10条详细日志。[[{"content": {"__TAG__": {"pod": "nginxPod","cluster": "testCluster"},"body_bytes_sent": "32847","http_referer": "-","http_user_agent": "Opera/9.80 (Windows NT 6.1; U; en-US) Presto/2.7.62 Version/11.01","remote_addr": "105.86.148.186","remote_user": "-","request_method": "GET","request_uri": "/apple-touch-icon-144x144.png","status": "404","time_local": "01/Nov/2018:00:55:14"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-5CD","source": "172.17.0.2","time": 1653739000013,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}, {"content": {"__TAG__": {"pod": "nginxPod","cluster": "testCluster"},"body_bytes_sent": "33496","http_referer": "-","http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36","remote_addr": "222.18.168.242","remote_user": "-","request_method": "GET","request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html","status": "404","time_local": "01/Nov/2018:00:54:37"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-5C8","source": "172.17.0.2","time": 1653738975008,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}]]
名称:Top URL类型:字段TOP5及占比统计字段:request_uri名称:错误日志URL分布类型:自定义检索分析分析语句:status:>=400 | select count() as errorLogCount,request_uri group by request_uri order by count() desc
{ "Top URL": [{ "count": 77, "ratio": 0.45294117647058824, "value": "/" }, { "count": 20, "ratio": 0.11764705882352941, "value": "/favicon.ico" }, { "count": 7, "ratio": 0.041176470588235294, "value": "/blog/feed" }, { "count": 5, "ratio": 0.029411764705882353, "value": "/test-tile-service" }, { "count": 3, "ratio": 0.01764705882352941, "value": "/android-chrome-192x192.png" }], "详细错误日志": [{ "content": { "TAG": { "pod": "nginxPod", "cluster": "testCluster" }, "body_bytes_sent": "32847", "http_referer": "-", "http_user_agent": "Opera/9.80 (Windows NT 6.1; U; en-US) Presto/2.7.62 Version/11.01", "remote_addr": "105.86.148.186", "remote_user": "-", "request_method": "GET", "request_uri": "/apple-touch-icon-144x144.png", "status": "404", "time_local": "01/Nov/2018:00:55:14" }, "fileName": "/root/testLog/nginx.log", "pkg_id": "285A243662909DE3-5CD", "source": "172.17.0.2", "time": 1653739000013, "topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2" }, { "content": { "TAG": { "pod": "nginxPod", "cluster": "testCluster" }, "body_bytes_sent": "33496", "http_referer": "-", "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36", "remote_addr": "222.18.168.242", "remote_user": "-", "request_method": "GET", "request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html", "status": "404", "time_local": "01/Nov/2018:00:54:37" }, "fileName": "/root/testLog/nginx.log", "pkg_id": "285A243662909DE3-5C8", "source": "172.17.0.2", "time": 1653738975008, "topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2" }], "错误日志URL分布": [{ "errorLogCount": 3, "request_uri": "/apple-touch-icon-144x144.png" }, { "errorLogCount": 3, "request_uri": "/feed" }, { "errorLogCount": 1, "request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html" }] }
{{ }}
中,外部的文本不会进行处理。{{.variable[x]}} 或 {{index .variable x}}{{.variable.childNodeName}} 或 {{index .variable "childNodeName"}}
{{.variable[x]}}
按数组下标提取对应的数组元素,其中 x 为大于等于0的整数,等价于 {{index .variable x}}
。{{.variable.childNodeKey}}
按子级对象名称(key)提取对应的子级对象值(value),等价于 {{index .variable "childNodeName"}}
。{{index .variable "childNodeName"}}
形式的语法,例如 {{index .AnalysisResult "Top URL"}}
。{{.QueryResult}}
变量值为:[[{"errorLogCount": 7 //提取该值}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
{{.QueryResult[0][0].errorLogCount}}
7
{{range .variable}}自定义内容{{.childNode1}}自定义内容{{.childNode2}}...{{end}}
{{range $key,$value := .variable}}自定义内容{{$key}}自定义内容{{$value}}...{{end}}
{{.QueryResult}}
变量值为:[[{"errorLogCount": 7}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
{{range .QueryResult[1]}}* {{.request_uri}}错误日志数:{{.errorLogCount}}{{end}}
* /apple-touch-icon-144x144.png错误日志数:3* /feed错误日志数:3* /opt/node_apps/test-v5/app/themes/basic/public/static/404.html错误日志数:1
{{if boolen}}xxx{{end}}
{{if boolen}}xxx{{else}}xxx{{end}}
{{if boolen}}xxx{{else if boolen}}xxx{{end}}
eq arg1 arg2 : arg1 == arg2时为truene arg1 arg2 : arg1 != arg2时为truelt arg1 arg2 : arg1 < arg2时为truele arg1 arg2 : arg1 <= arg2时为truegt arg1 arg2 : arg1 > arg2时为truege arg1 arg2 : arg1 >= arg2时为true
{{.QueryResult}}
变量值为:[[{"errorLogCount": 7}],[{"errorLogCount": 3,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 3,"request_uri": "/feed"}, {"errorLogCount": 1,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}]]
{{range .QueryResult[1]}}{{if and (ge .errorLogCount 2) (le .errorLogCount 100)}}* {{.request_uri}}错误日志数:{{.errorLogCount}}{{end}}{{end}}
* /apple-touch-icon-144x144.png错误日志数:3* /feed错误日志数:3
{{if .QueryLog[0][0].apple}}apple exist, value is : {{.QueryLog[0][0].apple}}{{else}}apple is not exist{{end}}
{{- xxx}} 或 {{xxx -}}
{{ }}
的头部或尾部使用-
移除其前面或后面的空白符号。{{- range .QueryResult[1]}}{{- if and (ge .errorLogCount 2) (le .errorLogCount 100)}}* {{.request_uri}}错误日志数:{{.errorLogCount}}{{- end}}{{- end}}
* /apple-touch-icon-144x144.png错误日志数:3* /feed错误日志数:3
{{escape .variable}}
{{.ExecuteQuery[0]}}
的变量值为 status:>=400 | select count(*) as "错误日志数"
如果不使用转义,自定义接口回调配置中请求内容为:{"Query":"{{.ExecuteQuery[0]}}"}
{"Query":"status:>=400 | select count(*) as "错误日志数""}
{"Query":"{{escape .ExecuteQuery[0]}}"}
{"Query":"status:>=400 | select count(*) as \\"错误日志数\\""}
{{substr .variable start}} 或 {{substr .variable start length}}
{{.QueryLog[0][0].fileName}}
变量值为:/root/testLog/nginx.log
{{substr .QueryLog[0][0].fileName 6 7 }}
testLog
{{extract .variable "startstring" ["endstring"]}}
{{.QueryLog[0][0].fileName}}
变量值为:/root/testLog/nginx.log
/root/
和 /nginx
之间的字符串:{{extract .QueryLog[0][0].fileName "/root/" "/nginx"}}
testLog
{{containstr .variable "searchstring"}}
{{.QueryLog[0][0].fileName}}
变量值为:/root/testLog/nginx.log
/root/
和 /nginx
之间的字符串:{{if containstr .QueryLog[0][0].fileName "test"}}测试日志{{else}}非测试日志{{end}}
测试日志
{{fromUnixTime .variable}} 或 {{fromUnixTime .variable "timezone"}}
{{.QueryLog[0][0].time}}
变量值为:1653893435008
{{fromUnixTime .QueryLog[0][0].time}}{{fromUnixTime .QueryLog[0][0].time "Asia/Shanghai"}}{{fromUnixTime .QueryLog[0][0].time "Asia/Tokyo"}}
2022-05-30 14:50:35.008 +0800 CST2022-05-30 14:50:35.008 +0800 CST2022-05-30 15:50:35.008 +0900 JST
{{concat .variable1 .variable2 ...}}
{{concat .Region .Alarm}}
广州 alarmTest
{{base64_encode .variable}}{{base64_decode .variable}}{{base64url_encode .variable}}{{base64url_decode .variable}}{{url_encode .variable}}{{url_decode .variable}}
{{base64_encode "test测试"}}{{base64_decode "dGVzdOa1i+ivlQ=="}}{{base64url_encode "test测试"}}{{base64url_decode "dGVzdOa1i-ivlQ=="}}{{url_encode "https://console.tencentcloud.com:80/cls?region=ap-chongqing"}}{{url_decode "https%3A%2F%2Fconsole.cloud.tencent.com%3A80%2Fcls%3Fregion%3Dap-chongqing"}}
dGVzdOa1i+ivlQ==test测试dGVzdOa1i-ivlQ==test测试https%3A%2F%2Fconsole.cloud.tencent.com%3A80%2Fcls%3Fregion%3Dap-chongqinghttps://console.tencentcloud.com:80/cls?region=ap-chongqing
{{md5 .variable}}{{md5 .variable | base64_encode}}{{md5 .variable | base64url_encode}}{{sha1 .variable}}{{sha1 .variable | base64_encode}}{{sha1 .variable | base64url_encode}}{{sha256 .variable}}{{sha256 .variable | base64_encode}}{{sha256 .variable | base64url_encode}}{{sha512 .variable}}{{sha512 .variable | base64_encode}}{{sha512 .variable | base64url_encode}}
{{md5 "test"}}{{md5 "test" | base64_encode}}{{md5 "test" | base64url_encode}}{{sha1 "test"}}{{sha1 "test" | base64_encode}}{{sha1 "test" | base64url_encode}}{{sha256 "test"}}{{sha256 "test" | base64_encode}}{{sha256 "test" | base64url_encode}}{{sha512 "test"}}{{sha512 "test" | base64_encode}}{{sha512 "test" | base64url_encode}}
098F6BCD4621D373CADE4E832627B4F6CY9rzUYh03PK3k6DJie09g==CY9rzUYh03PK3k6DJie09g==A94A8FE5CCB19BA61C4C0873D391E987982FBBD3qUqP5cyxm6YcTAhz05Hph5gvu9M=qUqP5cyxm6YcTAhz05Hph5gvu9M=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg=EE26B0DD4AF7E749AA1A8EE3C10AE9923F618980772E473F8819A5D4940E0DB27AC185F8A0E1D5F84F88BC887FD67B143732C304CC5FA9AD8E6F57F50028A8FF7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc_iBml1JQODbJ6wYX4oOHV-E-IvIh_1nsUNzLDBMxfqa2Ob1f1ACio_w==
{{hmac_md5 .variable "Secretkey"}}{{hmac_md5 .variable "Secretkey" | base64_encode}}{{hmac_md5 .variable "Secretkey" | base64url_encode}}{{hmac_sha1 .variable "Secretkey"}}{{hmac_sha1 .variable "Secretkey" | base64_encode}}{{hmac_sha1 .variable "Secretkey" | base64url_encode}}{{hmac_sha256 .variable "Secretkey"}}{{hmac_sha256 .variable "Secretkey" | base64_encode}}{{hmac_sha256 .variable "Secretkey" | base64url_encode}}{{hmac_sha512 .variable "Secretkey"}}{{hmac_sha512 .variable "Secretkey" | base64_encode}}{{hmac_sha512 .variable "Secretkey" | base64url_encode}}
{{hmac_md5 "test" "Secretkey"}}{{hmac_md5 "test" "Secretkey" | base64_encode}}{{hmac_md5 "test" "Secretkey" | base64url_encode}}{{hmac_sha1 "test" "Secretkey"}}{{hmac_sha1 "test" "Secretkey" | base64_encode}}{{hmac_sha1 "test" "Secretkey" | base64url_encode}}{{hmac_sha256 "test" "Secretkey"}}{{hmac_sha256 "test" "Secretkey" | base64_encode}}{{hmac_sha256 "test" "Secretkey" | base64url_encode}}{{hmac_sha512 "test" "Secretkey"}}{{hmac_sha512 "test" "Secretkey" | base64_encode}}{{hmac_sha512 "test" "Secretkey" | base64url_encode}}
E7B946D930658699AA668601E33E87CE57lG2TBlhpmqZoYB4z6Hzg==57lG2TBlhpmqZoYB4z6Hzg==2AB64F124D932F5033EAC7AF392AC5CC4D52F503KrZPEk2TL1Az6sevOSrFzE1S9QM=KrZPEk2TL1Az6sevOSrFzE1S9QM=FC49EBC05209B1359773D87C216BA85BCE0163FDE459EA37AB603EC9D8445D23/EnrwFIJsTWXc9h8IWuoW84BY/3kWeo3q2A+ydhEXSM=_EnrwFIJsTWXc9h8IWuoW84BY_3kWeo3q2A-ydhEXSM=D18DF3D943F74769A8B66E43D7EF03639BB6B8B8A2EBC9976170DC58EEE58BE98478F3183E4B5AA3481DE12026AAE3843F8213B39D639EAC6EE93734EA667BC50Y3z2UP3R2motm5D1+8DY5u2uLii68mXYXDcWO7li+mEePMYPktao0gd4SAmquOEP4ITs51jnqxu6Tc06mZ7xQ==0Y3z2UP3R2motm5D1-8DY5u2uLii68mXYXDcWO7li-mEePMYPktao0gd4SAmquOEP4ITs51jnqxu6Tc06mZ7xQ==
{{range $key,$value := .QueryLog[0][0].content}}{{if not (containstr $key "__TAG__")}}{{- $key}}:{{$value}}{{- end}}{{- end}}
.QueryLog[0][0]
代表符合告警策略第一条执行语句检索条件的最近一条详细日志,其值为:{"content": {"__TAG__": {"a": "b12fgfe","c": "fgerhcdhgj"},"body_bytes_sent": "33704","http_referer": "-","http_user_agent": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36","remote_addr": "247.0.249.191","remote_user": "-","request_method": "GET","request_uri": "/products/hadoop)","status": "404","time_local": "01/Nov/2018:07:54:08"},"fileName": "/root/testLog/nginx.log","pkg_id": "285A243662909DE3-210B","source": "172.17.0.2","time": 1653908859008,"topicId": "a54de372-ffe0-49ae-a12e-c340bb2b03f2"}
remote_addr:247.0.249.191time_local:01/Nov/2018:07:54:08http_user_agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36remote_user:-http_referer:-body_bytes_sent:33704request_method:GETrequest_uri:/products/hadoop)status:404
status:>=400 | select count(*) as errorLogCount,request_uri group by request_uri order by count(*) desc
触发条件为:$1.errorLogCount > 10
{{range .QueryResult[0]}}{{- if gt .errorLogCount 10}}{{.request_uri}}错误日志数:{{.errorLogCount}}{{- end}}{{- end}}
.QueryResult[0]
代表告警策略第一条执行语句的执行结果,其值为:[{"errorLogCount": 161,"request_uri": "/apple-touch-icon-144x144.png"}, {"errorLogCount": 86,"request_uri": "/opt/node_apps/test-v5/app/themes/basic/public/static/404.html"}, {"errorLogCount": 33,"request_uri": "/feed"}, {"errorLogCount": 26,"request_uri": "/wp-login.php"}, {"errorLogCount": 10,"request_uri": "/safari-pinned-tab.svg"}, {"errorLogCount": 7,"request_uri": "/mstile-144x144.png"}, {"errorLogCount": 4,"request_uri": "/atom.xml"}, {"errorLogCount": 3,"request_uri": "/content/plugins/prettify-gc-syntax-highlighter/launch.js?ver=3.5.2?ver=3.5.2"}]
/apple-touch-icon-144x144.png错误日志数:161/opt/node_apps/elastic-v5/app/themes/basic/public/static/404.html错误日志数:86/feed错误日志数:33/wp-login.php错误日志数:26
本页内容是否解决了您的问题?