Trigger conditions

BLS

  • Function Release Records
  • Product Description
    • Usage restrictions
    • Product Introduction
  • Product pricing
  • Quick Start
    • Introduction
    • Install agent
    • Create LogStore
    • Create Transmission Task
    • Log Analysis and Alerting
    • Create Delivery Task
  • Operation guide
    • Baidu Intelligent Cloud Environment Preparation
    • Overview
    • Identity and access management
    • Logset Management
    • Agent
      • Install Agent on Host
      • Install Agent in K8s Environment
      • Agent Management
      • Agent Release Version
      • Set Agent Startup Parameters
    • Log Collection
      • Transmission Task Collection
        • Create Transmission Task
        • Manage Transmission Task
      • Uploading Logs Using Kafka Protocol
    • Query analysis
      • Log query
      • SQL Syntax
      • Search Syntax
    • Dashboard
      • Overview
      • Management Dashboard
      • Management Dashboard Charts
    • Alarm management
      • Alert Overview
      • Alarm strategy
        • Management alarm strategy
        • Trigger conditions
      • Alarm history
      • Alert execution statistics
      • Alarm notification
        • Alarm Notification Template
        • Alarm callback
    • Data processing
      • Log Delivery
        • Log Delivery Overview
        • Create Delivery Task
        • Manage Delivery Task
      • Scheduled SQL Analysis
        • Manage Scheduled SQL Analysis Task
        • Create Scheduled SQL Analysis Task
      • Real-Time Consumption
      • Data processing
        • Data processing
          • Overview of data processing functions
          • Process control function
          • Mapping enrichment functions
          • Event operation functions
          • Field operation functions
          • Field value extraction functions
    • Log Applications
      • Intelligent Diagnostics
  • Best Practices
    • Use Year-Over-Year and Month-Over-Month as Alert Trigger Conditions
    • BLS Integration with Kibana
    • Use BLS via Grafana
  • Development Guide
    • API Reference
      • API function release records
      • API Overview
      • Interface Overview
      • General Description
      • Service domain
      • Common error codes
      • Terminology
      • Project Related APIs
        • Create Project
        • Update Project
        • Describe Project
        • Delete Project
        • List Project
      • LogStore Related APIs
        • Create LogStore
        • Update LogStore
        • Delete LogStore
        • Describe LogStore
        • Batch Get LogStore
        • List LogStore
      • LogStream Related APIs
        • List LogStream
      • LogRecord Related APIs
        • Push log PushLogRecord
        • Obtain logrecord PullLogRecord
        • Search analysis log QueryLogRecord
        • Histogram API QueryLogHistogram
      • Fast Query FastQuery Related Interfaces
        • Create Fast Query CreateFastQuery
        • Update Fast Query UpdateFastQuery
        • Delete Fast Query DeleteFastQuery
        • Get Fast Query Details DescribeFastQuery
        • Get Fast Query List ListFastQuery
      • Index Related APIs
        • Create Index
        • Update Index
        • Delete Index
        • Describe Index
      • Log Shipper LogShipper Related Interfaces
        • Create Log Shipper
        • Update Log Shipper
        • Set Single Log Shipper Status
        • Delete Single Log Shipper
        • Bulk Delete Log Shipper
        • List Log Shipper Records
        • List Log Shipper
        • Bulk Set Log Shipper Status
        • Get Log Shipper
      • Alarm-Related Interfaces
        • CreateAlarmPolicy
        • UpdateAlarmPolicy
        • DeleteAlarmPolicy
        • ValidateAlarmCondition
        • ValidateAlarmPolicySQL
        • EnableAlarmPolicy
        • DescribeAlarmRecord
        • DisableAlarmPolicy
        • DescribeAlarmPolicy
        • ListAlarmPolicy
        • ListAlarmRecord
        • ListAlarmExecutionStats
        • ListAlarmExecutions
      • LogStore Template-Related Interfaces
        • CreateLogStoreTemplate
        • UpdateLogStoreTemplate
        • DeleteLogStoreTemplates
        • DescribeLogStoreTemplates
        • DescribeLogStoreTemplate
      • Download Log Download Related Interfaces
        • Create Download Task CreateDownloadTask
        • Get Download Task List ListDownloadTask
        • Delete Download Task DeleteDownloadTask
        • Get Download Task Address GetDownloadTaskLink
        • Get Download Task Details DescribeDownloadTask
      • LogAlarm Related Interfaces
        • SetLogAlarmStatus
        • deleteLogAlarm
        • createLogAlarm
        • listLogAlarm
        • updateLogAlarm
        • BulkDeleteLogAlarm
        • PreviewAlarmLogRecord
        • getLogAlarm
        • BulkSetLogAlarmStatus
      • Transmission Task Related Interfaces
        • Create Task CreateTask
        • UpdateTask
      • Interfaces Compatible with Elasticsearch
        • ResolveIndex
        • FieldCaps
        • TermsEnum
        • AsyncSearch
    • SDK Reference
      • Go SDK
        • Overview
        • Initialization
        • Version Release Records
        • Project Operations
        • LogStore Operations
        • Install the SDK Package
        • LogStream Operations
        • LogRecord Operations
        • FastQuery Operations
        • LogShipper Operations
        • Index Operations
        • Download Task Operations
      • Java SDK
        • Overview
        • Install the SDK Package
        • LogRecord Operations
      • iOS SDK
        • Overview
        • Quick start
        • Version Release Records
      • Android SDK
        • Overview
        • Quick start
        • Version Release Records
      • Android & iOS SDK Download
      • SDK Privacy Policy
      • SDK Developer Personal Information Protection Compliance Guide
    • Importing SLS Collection Configuration
  • FAQs
    • Common Questions Overview
    • Fault-related questions
    • Configuration-related questions
  • Log Service Level Agreement SLA
All documents
menu
No results found, please re-enter

BLS

  • Function Release Records
  • Product Description
    • Usage restrictions
    • Product Introduction
  • Product pricing
  • Quick Start
    • Introduction
    • Install agent
    • Create LogStore
    • Create Transmission Task
    • Log Analysis and Alerting
    • Create Delivery Task
  • Operation guide
    • Baidu Intelligent Cloud Environment Preparation
    • Overview
    • Identity and access management
    • Logset Management
    • Agent
      • Install Agent on Host
      • Install Agent in K8s Environment
      • Agent Management
      • Agent Release Version
      • Set Agent Startup Parameters
    • Log Collection
      • Transmission Task Collection
        • Create Transmission Task
        • Manage Transmission Task
      • Uploading Logs Using Kafka Protocol
    • Query analysis
      • Log query
      • SQL Syntax
      • Search Syntax
    • Dashboard
      • Overview
      • Management Dashboard
      • Management Dashboard Charts
    • Alarm management
      • Alert Overview
      • Alarm strategy
        • Management alarm strategy
        • Trigger conditions
      • Alarm history
      • Alert execution statistics
      • Alarm notification
        • Alarm Notification Template
        • Alarm callback
    • Data processing
      • Log Delivery
        • Log Delivery Overview
        • Create Delivery Task
        • Manage Delivery Task
      • Scheduled SQL Analysis
        • Manage Scheduled SQL Analysis Task
        • Create Scheduled SQL Analysis Task
      • Real-Time Consumption
      • Data processing
        • Data processing
          • Overview of data processing functions
          • Process control function
          • Mapping enrichment functions
          • Event operation functions
          • Field operation functions
          • Field value extraction functions
    • Log Applications
      • Intelligent Diagnostics
  • Best Practices
    • Use Year-Over-Year and Month-Over-Month as Alert Trigger Conditions
    • BLS Integration with Kibana
    • Use BLS via Grafana
  • Development Guide
    • API Reference
      • API function release records
      • API Overview
      • Interface Overview
      • General Description
      • Service domain
      • Common error codes
      • Terminology
      • Project Related APIs
        • Create Project
        • Update Project
        • Describe Project
        • Delete Project
        • List Project
      • LogStore Related APIs
        • Create LogStore
        • Update LogStore
        • Delete LogStore
        • Describe LogStore
        • Batch Get LogStore
        • List LogStore
      • LogStream Related APIs
        • List LogStream
      • LogRecord Related APIs
        • Push log PushLogRecord
        • Obtain logrecord PullLogRecord
        • Search analysis log QueryLogRecord
        • Histogram API QueryLogHistogram
      • Fast Query FastQuery Related Interfaces
        • Create Fast Query CreateFastQuery
        • Update Fast Query UpdateFastQuery
        • Delete Fast Query DeleteFastQuery
        • Get Fast Query Details DescribeFastQuery
        • Get Fast Query List ListFastQuery
      • Index Related APIs
        • Create Index
        • Update Index
        • Delete Index
        • Describe Index
      • Log Shipper LogShipper Related Interfaces
        • Create Log Shipper
        • Update Log Shipper
        • Set Single Log Shipper Status
        • Delete Single Log Shipper
        • Bulk Delete Log Shipper
        • List Log Shipper Records
        • List Log Shipper
        • Bulk Set Log Shipper Status
        • Get Log Shipper
      • Alarm-Related Interfaces
        • CreateAlarmPolicy
        • UpdateAlarmPolicy
        • DeleteAlarmPolicy
        • ValidateAlarmCondition
        • ValidateAlarmPolicySQL
        • EnableAlarmPolicy
        • DescribeAlarmRecord
        • DisableAlarmPolicy
        • DescribeAlarmPolicy
        • ListAlarmPolicy
        • ListAlarmRecord
        • ListAlarmExecutionStats
        • ListAlarmExecutions
      • LogStore Template-Related Interfaces
        • CreateLogStoreTemplate
        • UpdateLogStoreTemplate
        • DeleteLogStoreTemplates
        • DescribeLogStoreTemplates
        • DescribeLogStoreTemplate
      • Download Log Download Related Interfaces
        • Create Download Task CreateDownloadTask
        • Get Download Task List ListDownloadTask
        • Delete Download Task DeleteDownloadTask
        • Get Download Task Address GetDownloadTaskLink
        • Get Download Task Details DescribeDownloadTask
      • LogAlarm Related Interfaces
        • SetLogAlarmStatus
        • deleteLogAlarm
        • createLogAlarm
        • listLogAlarm
        • updateLogAlarm
        • BulkDeleteLogAlarm
        • PreviewAlarmLogRecord
        • getLogAlarm
        • BulkSetLogAlarmStatus
      • Transmission Task Related Interfaces
        • Create Task CreateTask
        • UpdateTask
      • Interfaces Compatible with Elasticsearch
        • ResolveIndex
        • FieldCaps
        • TermsEnum
        • AsyncSearch
    • SDK Reference
      • Go SDK
        • Overview
        • Initialization
        • Version Release Records
        • Project Operations
        • LogStore Operations
        • Install the SDK Package
        • LogStream Operations
        • LogRecord Operations
        • FastQuery Operations
        • LogShipper Operations
        • Index Operations
        • Download Task Operations
      • Java SDK
        • Overview
        • Install the SDK Package
        • LogRecord Operations
      • iOS SDK
        • Overview
        • Quick start
        • Version Release Records
      • Android SDK
        • Overview
        • Quick start
        • Version Release Records
      • Android & iOS SDK Download
      • SDK Privacy Policy
      • SDK Developer Personal Information Protection Compliance Guide
    • Importing SLS Collection Configuration
  • FAQs
    • Common Questions Overview
    • Fault-related questions
    • Configuration-related questions
  • Log Service Level Agreement SLA
  • Document center
  • arrow
  • BLS
  • arrow
  • Operation guide
  • arrow
  • Alarm management
  • arrow
  • Alarm strategy
  • arrow
  • Trigger conditions
Table of contents on this page
  • Function overview
  • Syntax
  • Example of trigger condition configuration
  • CASE1: Monitor aggregated metrics and set to trigger an alarm when it exceeds a certain threshold
  • CASE2: After filtering keywords, monitor aggregated metrics and set to trigger an alarm when it exceeds a certain threshold
  • CASE3 Trigger an alarm when Error-level logs appear

Trigger conditions

Updated at:2025-11-03

Function overview

Trigger condition expressions evaluate whether an alert should be triggered. The execution statement results serve as input variables for these expressions. If the evaluation deems the expression true, an alert will be activated.

Syntax

Operator Description Example
$N.__QUERYCOUNT__ Number of execution statement results, where N is the corresponding execution statement number, with a maximum value of 100.
Execution statements without SQL: Number of original log entries matching the retrieval criteria;
Execution statements with SQL: Number of results returned by the SQL (Note: The number of SQL results does not refer to the statistical result of the SQL. For example, if a count(*) result is 0, the number of results is still 1).		 $1.__QUERYCOUNT__
$N.keyname Refer to the output of an execution statement, where N is the respective execution statement number and keyname corresponds to a field in the execution statement's result. $1.ErrCount $1.value
+ Summation operator $1.ErrCount + $1.FatCount > 10
- Subtraction operator $1.Count - $1.InfoCount > 100
* Multiplication operator $1.RequestMilSec * 1000 > 10
/ Division operator $1.RequestSec / 1000 > 0.01
% Modulo operator $1.keyA % 10 == 0
== Comparison operator: Equal to $1.ErrCount == 100 $1.level == "Error"
> Comparison operator: greater than $1.ErrCount > 100
< Comparison operator: less than $1.pv < 100
>= Comparison operator: greater than or equal to $1.ErrCount >= 100
<= Comparison operator: less than or equal to $1.pv <= 100
!= Comparison operator: not equal to $1.level != "Info"
() Brackets, controlling operation precedence ($1.a + $1.b) / $1.c > 100
&& Logical operator: AND $1.ErrCount > 100 && $1.level == "Error"
|| Logical operator: or $1.ErrCount > 100 || $1.level == "Error"

Example of trigger condition configuration

Log Sample

@stream Level CountSkipRows
stream1 Error 23
stream1 Info 0
stream2 Error 1

CASE1: Monitor aggregated metrics and set to trigger an alarm when it exceeds a certain threshold

Execution statement: select CountSkipRows
Trigger condition: $1.CountSkipRows>10

CASE2: After filtering keywords, monitor aggregated metrics and set to trigger an alarm when it exceeds a certain threshold

Execution statement: match stream1 | SELECT CountSkipRows
Trigger condition: $1.CountSkipRows>10

CASE3 Trigger an alarm when Error-level logs appear

Execution statement: match Level: Error
Trigger conditions: $1.__QUERYCOUNT__>0

Or

Execution statement: match Level: Error | select count(*) as cnt
Trigger conditions: $1.cnt >0

Previous
Management alarm strategy
Next
Alarm history