When the alert management system of Log Service processes alerts that have the same fingerprint, the system classifies the alerts as the same alert. The system retains only one of the alerts and deletes the remaining duplicate alerts. This topic describes how to deduplicate alerts based on fingerprints.

Working principle

When the alert management system processes alerts, the system calculates a fingerprint for each alert. Alerts that have the same fingerprint are considered the same alert. An alert fingerprint is calculated based on the following alert attributes:
  • The ID of the Alibaba Cloud account to which the alert monitoring rule belongs
  • The project to which the alert monitoring rule belongs
  • The ID of the alert monitoring rule
  • Alert labels

Example

After you configure an alert monitoring rule, the alert management system generates three alerts. However, the system retains only Alert1 and Alert3 and deletes Alert2. Causes:
  • Alert1 and Alert2 have the same fingerprint and are considered the same alert. Therefore, only one alert is retained.
  • Alert1 and Alert3 have different labels and are considered different alerts. Therefore, both alerts are retained.
// Alert1
{
  "aliuid": "12345",
  "project": "Project1",
  "alert_id": "alert-123",
  "labels": {
    "host": "host-1"
  },
  "annotations": {
    "title": "High CPU utilization",
    "desc": "The current CPU utilization is 90%."
  }
}

// Alert2
{
  "aliuid": "12345",
  "project": "Project1",
  "alert_id": "alert-123",
  "labels": {
    "host": "host-1"
  },
  "annotations": {
    "title": "High CPU utilization",
    "desc": "The current CPU utilization is 95%."
  }
}

// Alert3
{
  "aliuid": "12345",
  "project": "Project1",
  "alert_id": "alert-123",
  "labels": {
    "host": "host-2"
  },
  "annotations": {
    "title": "High CPU utilization",
    "desc": "The current CPU utilization is 90%."
  }
}