Detection Rules¶
Guance supports over a dozen monitoring detection rules, covering different data ranges.
Rule Types¶
Rule Name |
Data Range |
Basic Description |
|---|---|---|
| Threshold Detection | All | Abnormality detection on metric data based on set thresholds. |
| Mutation Detection | Metrics(M) | Abnormality detection for sudden irregular behavior in metrics based on historical data, suitable for business data and short time windows. |
| Interval Detection | Metrics(M) | Detection of abnormal data points in metrics based on dynamic threshold ranges, suitable for stable trend timelines. |
| Interval Detection V2 | Metrics(M) | Detection of abnormal data points in metrics based on dynamic threshold ranges, suitable for stable trend timelines. |
| Outlier Detection | Metrics(M) | Detects whether there are outlier deviations in the metrics/statistics of the detected object under specific groupings. |
| Log Detection | Logs(L) | Abnormality detection for business applications based on log data. |
| Process Anomaly Detection | Process Objects(O::host_processes) |
Periodic detection of process data to understand process anomalies. |
| Infrastructure Survival Detection V2 | Objects(O) | Based on infrastructure object data, set survival conditions to monitor the stability of infrastructure. |
| Application Performance Metric Detection | Tracing(T) | Based on application performance monitoring data, set threshold rules to detect abnormal situations. |
| User Access Metric Detection | User Access Data(R) | Based on user access monitoring data, set threshold rules to detect abnormal situations. |
| Composite Detection | All | Combine multiple monitors' results into one monitor through expressions and trigger alerts based on the combined results. |
| Security Check Anomaly Detection | Security Checks(S) | Abnormality detection based on data generated by security checks, effectively sensing the health status of hosts. |
| Usability Data Detection | Usability Data(L::type) |
Based on usability monitoring data, set threshold rules to detect abnormal situations. |
| Network Data Detection | Network(N) | Based on network data, set threshold rules to detect the stability of network performance. |
| External Event Detection | Others | By specifying a URL address, send abnormal events or records produced by third-party systems via POST requests to an HTTP server to generate Guance event data. |
Start Configuration¶
Detection Configuration¶
Set corresponding detection frequencies, detection intervals, detection metrics, etc., for different detection rules.
Event Notifications¶
Event Title¶
Define the event name for alarm triggering conditions; you can use preset template variables.
Note: In the latest version, the monitor name will be automatically generated after entering the event title. There may be inconsistencies between the monitor names and event titles in older monitors. For a better experience, please synchronize to the latest version as soon as possible.
Event Content¶
Write the event notification content, which the system will send externally when the trigger conditions are met. You can input Markdown formatted text information and preview the effect; related links and template variables can also be used.
Custom Notification Content¶
By default, Guance uses the event content as the alert notification content. If you need to customize the actual external notification, you can enable the switch here and fill in the notification information.
Note: Different alert notification targets support different Markdown syntaxes, for example: WeCom does not support unordered lists.
Related Links¶
Monitors will automatically generate jump links based on the detection metrics in the detection configuration. You can adjust filtering conditions and time ranges after inserting the link. This is usually a fixed link prefix that contains the current domain name and workspace ID; you can also choose to customize the jump link.
Among these, if you need to insert a link to a dashboard, based on the above logic, you also need to supplement the dashboard's ID and name, and adjust view variables and time ranges as needed.
Custom Advanced Settings¶
You can add associated logs or error stacks in the event content through advanced settings to view contextual data when abnormalities occur:
- Add related logs:
Query:
For example, get a log message with index default:
Associated log:
- Add related error stack
Query:
{% set dql_data = DQL("T::re(`.*`):(`error_message`,`error_stack`){ (`source` NOT IN ['service_map', 'tracing_stat', 'service_list_1m', 'service_list_1d', 'service_list_1h', 'profile']) AND (`error_stack` = exists()) } LIMIT 1") %}
Associated error stack:
Data Gap Events¶
Customize the content of notifications for data gaps. You can configure the title and content of such events that will ultimately be sent out.
If no configuration is made here, the official default notification template will be automatically used when sending out.
Associated Incidents¶
After enabling association, if an abnormal event occurs under this monitor, an Issue will be created simultaneously. You can choose to create Issues based on different event levels.
- Select event level;
- Define the final level of the resulting Issue;
- Choose the responsible person for this type of Issue;
- Select the delivery channel;
- Optionally choose whether to close the Issue synchronously after the event recovers.
Issues generated here can be viewed in Incident > the selected channel.
Alert Configuration¶
Once the monitor meets the trigger conditions, immediately send an alert message to the specified notification target. The alert strategy includes the event levels to notify, notification targets, and alert silence cycles.
Alert strategies support single or multiple selections, click the strategy name to expand the details page. To modify the strategy, click Edit Alert Strategy.
Association¶
Associate Dashboard: Each monitor supports associating with a dashboard for quick jumps to check.
Permissions¶
After setting the operation permissions for the monitor, roles, team members, and space users in your current workspace will perform corresponding operations based on assigned permissions. This ensures that different users perform operations consistent with their roles and permission levels.
- Do not enable this configuration: Follow the default permissions in "Monitor Configuration Management";
- Enable this configuration and select custom permission objects: Only the creator and authorized objects can enable/disable, edit, or delete the rules set for this monitor;
- Enable this configuration but do not select custom permission objects: Only the creator has the enable/disable, edit, and delete permissions for this monitor.
Note: The Owner role in the current workspace is not affected by this operational permission configuration.
Recover Monitors¶
Guance allows you to view existing monitor statuses, last update times, creation times, and creators. You can recover monitor history configurations to quickly collaborate with other team members and update monitors.
Operation Example:
In Monitoring > Monitors, select an existing monitor to edit. On the monitor configuration page, click the button at the top right corner to view the monitor's status, last update time, creation time, and creator.
Click the view button to the right of the update time in the above image to open a new browser window showing the previous version of the monitor configuration;
Click the Restore This Version button at the top right corner of the previous version monitor. In the pop-up dialog box, confirm the restore to edit and save the previous version of the monitor configuration.
