logzio 1.26.0 published on Tuesday, Nov 4, 2025 by logzio
logzio.UnifiedAlert
logzio 1.26.0 published on Tuesday, Nov 4, 2025 by logzio
# Unified Alert Resource
Provides a Logz.io unified alert resource. This resource allows you to create and manage both log-based and metric-based alerts through a single unified API.
Note: This is a POC (Proof of Concept) endpoint for the unified alerts API.
The unified alert resource models either a log alert or a metric alert:
- When
type = "LOG_ALERT", configure thelog_alertblock and do not setmetric_alert. - When
type = "METRIC_ALERT", configure themetric_alertblock and do not setlog_alert.
Example Usage
Log Alert (Full)
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const logAlertExample = new logzio.UnifiedAlert("logAlertExample", {
title: "High error rate in checkout service",
type: "LOG_ALERT",
description: "Triggers when the error rate of the checkout service exceeds the defined threshold.",
tags: [
"environment:production",
"service:checkout",
],
enabled: true,
folderId: "unified-folder-uid",
dashboardId: "unified-dashboard-uid",
panelId: "A",
runbook: "If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.",
rca: true,
rcaNotificationEndpointIds: [
101,
102,
],
useAlertNotificationEndpointsForRca: true,
logAlert: {
searchTimeframeMinutes: 15,
output: {
type: "JSON",
suppressNotificationsMinutes: 30,
recipients: {
emails: [
"devops@company.com",
"oncall@company.com",
],
notificationEndpointIds: [
11,
12,
],
},
},
subComponents: [{
queryDefinition: {
query: "kubernetes.container_name:checkout AND level:error",
filters: JSON.stringify({
bool: {
must: [],
should: [],
filter: [],
must_not: [],
},
}),
groupBies: ["kubernetes.pod_name"],
aggregation: {
aggregationType: "SUM",
fieldToAggregateOn: "error_count",
},
shouldQueryOnAllAccounts: false,
accountIdsToQueryOns: [12345],
},
trigger: {
operator: "GREATER_THAN",
severityThresholdTiers: [
{
severity: "HIGH",
threshold: 100,
},
{
severity: "MEDIUM",
threshold: 50,
},
],
},
output: {
shouldUseAllFields: false,
columns: [{
fieldName: "kubernetes.pod_name",
sort: "DESC",
}],
},
}],
correlations: {
correlationOperators: ["AND"],
},
schedule: {
cronExpression: "*/1 * * * *",
timezone: "UTC",
},
},
});
import pulumi
import json
import pulumi_logzio as logzio
log_alert_example = logzio.UnifiedAlert("logAlertExample",
title="High error rate in checkout service",
type="LOG_ALERT",
description="Triggers when the error rate of the checkout service exceeds the defined threshold.",
tags=[
"environment:production",
"service:checkout",
],
enabled=True,
folder_id="unified-folder-uid",
dashboard_id="unified-dashboard-uid",
panel_id="A",
runbook="If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.",
rca=True,
rca_notification_endpoint_ids=[
101,
102,
],
use_alert_notification_endpoints_for_rca=True,
log_alert={
"search_timeframe_minutes": 15,
"output": {
"type": "JSON",
"suppress_notifications_minutes": 30,
"recipients": {
"emails": [
"devops@company.com",
"oncall@company.com",
],
"notification_endpoint_ids": [
11,
12,
],
},
},
"sub_components": [{
"query_definition": {
"query": "kubernetes.container_name:checkout AND level:error",
"filters": json.dumps({
"bool": {
"must": [],
"should": [],
"filter": [],
"must_not": [],
},
}),
"group_bies": ["kubernetes.pod_name"],
"aggregation": {
"aggregation_type": "SUM",
"field_to_aggregate_on": "error_count",
},
"should_query_on_all_accounts": False,
"account_ids_to_query_ons": [12345],
},
"trigger": {
"operator": "GREATER_THAN",
"severity_threshold_tiers": [
{
"severity": "HIGH",
"threshold": 100,
},
{
"severity": "MEDIUM",
"threshold": 50,
},
],
},
"output": {
"should_use_all_fields": False,
"columns": [{
"field_name": "kubernetes.pod_name",
"sort": "DESC",
}],
},
}],
"correlations": {
"correlation_operators": ["AND"],
},
"schedule": {
"cron_expression": "*/1 * * * *",
"timezone": "UTC",
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"bool": map[string]interface{}{
"must": []interface{}{},
"should": []interface{}{},
"filter": []interface{}{},
"must_not": []interface{}{},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = logzio.NewUnifiedAlert(ctx, "logAlertExample", &logzio.UnifiedAlertArgs{
Title: pulumi.String("High error rate in checkout service"),
Type: pulumi.String("LOG_ALERT"),
Description: pulumi.String("Triggers when the error rate of the checkout service exceeds the defined threshold."),
Tags: pulumi.StringArray{
pulumi.String("environment:production"),
pulumi.String("service:checkout"),
},
Enabled: pulumi.Bool(true),
FolderId: pulumi.String("unified-folder-uid"),
DashboardId: pulumi.String("unified-dashboard-uid"),
PanelId: pulumi.String("A"),
Runbook: pulumi.String("If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary."),
Rca: pulumi.Bool(true),
RcaNotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(101),
pulumi.Float64(102),
},
UseAlertNotificationEndpointsForRca: pulumi.Bool(true),
LogAlert: &logzio.UnifiedAlertLogAlertArgs{
SearchTimeframeMinutes: pulumi.Float64(15),
Output: &logzio.UnifiedAlertLogAlertOutputTypeArgs{
Type: pulumi.String("JSON"),
SuppressNotificationsMinutes: pulumi.Float64(30),
Recipients: &logzio.UnifiedAlertLogAlertOutputRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
pulumi.String("oncall@company.com"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(11),
pulumi.Float64(12),
},
},
},
SubComponents: logzio.UnifiedAlertLogAlertSubComponentArray{
&logzio.UnifiedAlertLogAlertSubComponentArgs{
QueryDefinition: &logzio.UnifiedAlertLogAlertSubComponentQueryDefinitionArgs{
Query: pulumi.String("kubernetes.container_name:checkout AND level:error"),
Filters: pulumi.String(json0),
GroupBies: pulumi.StringArray{
pulumi.String("kubernetes.pod_name"),
},
Aggregation: &logzio.UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs{
AggregationType: pulumi.String("SUM"),
FieldToAggregateOn: pulumi.String("error_count"),
},
ShouldQueryOnAllAccounts: pulumi.Bool(false),
AccountIdsToQueryOns: pulumi.Float64Array{
pulumi.Float64(12345),
},
},
Trigger: &logzio.UnifiedAlertLogAlertSubComponentTriggerArgs{
Operator: pulumi.String("GREATER_THAN"),
SeverityThresholdTiers: logzio.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArray{
&logzio.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("HIGH"),
Threshold: pulumi.Float64(100),
},
&logzio.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("MEDIUM"),
Threshold: pulumi.Float64(50),
},
},
},
Output: &logzio.UnifiedAlertLogAlertSubComponentOutputTypeArgs{
ShouldUseAllFields: pulumi.Bool(false),
Columns: logzio.UnifiedAlertLogAlertSubComponentOutputColumnArray{
&logzio.UnifiedAlertLogAlertSubComponentOutputColumnArgs{
FieldName: pulumi.String("kubernetes.pod_name"),
Sort: pulumi.String("DESC"),
},
},
},
},
},
Correlations: &logzio.UnifiedAlertLogAlertCorrelationsArgs{
CorrelationOperators: pulumi.StringArray{
pulumi.String("AND"),
},
},
Schedule: &logzio.UnifiedAlertLogAlertScheduleArgs{
CronExpression: pulumi.String("*/1 * * * *"),
Timezone: pulumi.String("UTC"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var logAlertExample = new Logzio.UnifiedAlert("logAlertExample", new()
{
Title = "High error rate in checkout service",
Type = "LOG_ALERT",
Description = "Triggers when the error rate of the checkout service exceeds the defined threshold.",
Tags = new[]
{
"environment:production",
"service:checkout",
},
Enabled = true,
FolderId = "unified-folder-uid",
DashboardId = "unified-dashboard-uid",
PanelId = "A",
Runbook = "If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.",
Rca = true,
RcaNotificationEndpointIds = new[]
{
101,
102,
},
UseAlertNotificationEndpointsForRca = true,
LogAlert = new Logzio.Inputs.UnifiedAlertLogAlertArgs
{
SearchTimeframeMinutes = 15,
Output = new Logzio.Inputs.UnifiedAlertLogAlertOutputArgs
{
Type = "JSON",
SuppressNotificationsMinutes = 30,
Recipients = new Logzio.Inputs.UnifiedAlertLogAlertOutputRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
"oncall@company.com",
},
NotificationEndpointIds = new[]
{
11,
12,
},
},
},
SubComponents = new[]
{
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentQueryDefinitionArgs
{
Query = "kubernetes.container_name:checkout AND level:error",
Filters = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["bool"] = new Dictionary<string, object?>
{
["must"] = new[]
{
},
["should"] = new[]
{
},
["filter"] = new[]
{
},
["must_not"] = new[]
{
},
},
}),
GroupBies = new[]
{
"kubernetes.pod_name",
},
Aggregation = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs
{
AggregationType = "SUM",
FieldToAggregateOn = "error_count",
},
ShouldQueryOnAllAccounts = false,
AccountIdsToQueryOns = new[]
{
12345,
},
},
Trigger = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentTriggerArgs
{
Operator = "GREATER_THAN",
SeverityThresholdTiers = new[]
{
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "HIGH",
Threshold = 100,
},
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "MEDIUM",
Threshold = 50,
},
},
},
Output = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentOutputArgs
{
ShouldUseAllFields = false,
Columns = new[]
{
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentOutputColumnArgs
{
FieldName = "kubernetes.pod_name",
Sort = "DESC",
},
},
},
},
},
Correlations = new Logzio.Inputs.UnifiedAlertLogAlertCorrelationsArgs
{
CorrelationOperators = new[]
{
"AND",
},
},
Schedule = new Logzio.Inputs.UnifiedAlertLogAlertScheduleArgs
{
CronExpression = "*/1 * * * *",
Timezone = "UTC",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertLogAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertLogAlertOutputArgs;
import com.pulumi.logzio.inputs.UnifiedAlertLogAlertOutputRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertLogAlertCorrelationsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertLogAlertScheduleArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var logAlertExample = new UnifiedAlert("logAlertExample", UnifiedAlertArgs.builder()
.title("High error rate in checkout service")
.type("LOG_ALERT")
.description("Triggers when the error rate of the checkout service exceeds the defined threshold.")
.tags(
"environment:production",
"service:checkout")
.enabled(true)
.folderId("unified-folder-uid")
.dashboardId("unified-dashboard-uid")
.panelId("A")
.runbook("If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.")
.rca(true)
.rcaNotificationEndpointIds(
101,
102)
.useAlertNotificationEndpointsForRca(true)
.logAlert(UnifiedAlertLogAlertArgs.builder()
.searchTimeframeMinutes(15)
.output(UnifiedAlertLogAlertOutputArgs.builder()
.type("JSON")
.suppressNotificationsMinutes(30)
.recipients(UnifiedAlertLogAlertOutputRecipientsArgs.builder()
.emails(
"devops@company.com",
"oncall@company.com")
.notificationEndpointIds(
11,
12)
.build())
.build())
.subComponents(UnifiedAlertLogAlertSubComponentArgs.builder()
.queryDefinition(UnifiedAlertLogAlertSubComponentQueryDefinitionArgs.builder()
.query("kubernetes.container_name:checkout AND level:error")
.filters(serializeJson(
jsonObject(
jsonProperty("bool", jsonObject(
jsonProperty("must", jsonArray(
)),
jsonProperty("should", jsonArray(
)),
jsonProperty("filter", jsonArray(
)),
jsonProperty("must_not", jsonArray(
))
))
)))
.groupBies("kubernetes.pod_name")
.aggregation(UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs.builder()
.aggregationType("SUM")
.fieldToAggregateOn("error_count")
.build())
.shouldQueryOnAllAccounts(false)
.accountIdsToQueryOns(12345)
.build())
.trigger(UnifiedAlertLogAlertSubComponentTriggerArgs.builder()
.operator("GREATER_THAN")
.severityThresholdTiers(
UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("HIGH")
.threshold(100)
.build(),
UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("MEDIUM")
.threshold(50)
.build())
.build())
.output(UnifiedAlertLogAlertSubComponentOutputArgs.builder()
.shouldUseAllFields(false)
.columns(UnifiedAlertLogAlertSubComponentOutputColumnArgs.builder()
.fieldName("kubernetes.pod_name")
.sort("DESC")
.build())
.build())
.build())
.correlations(UnifiedAlertLogAlertCorrelationsArgs.builder()
.correlationOperators("AND")
.build())
.schedule(UnifiedAlertLogAlertScheduleArgs.builder()
.cronExpression("*/1 * * * *")
.timezone("UTC")
.build())
.build())
.build());
}
}
resources:
logAlertExample:
type: logzio:UnifiedAlert
properties:
title: High error rate in checkout service
type: LOG_ALERT
description: Triggers when the error rate of the checkout service exceeds the defined threshold.
tags:
- environment:production
- service:checkout
enabled: true
# Optional: Link to dashboards/runbooks
folderId: unified-folder-uid
dashboardId: unified-dashboard-uid
panelId: A
runbook: If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.
# Optional: RCA configuration
rca: true
rcaNotificationEndpointIds:
- 101
- 102
useAlertNotificationEndpointsForRca: true
logAlert:
searchTimeframeMinutes: 15
output:
type: JSON
suppressNotificationsMinutes: 30
recipients:
emails:
- devops@company.com
- oncall@company.com
notificationEndpointIds:
- 11
- 12
subComponents:
- queryDefinition:
query: kubernetes.container_name:checkout AND level:error
filters:
fn::toJSON:
bool:
must: []
should: []
filter: []
must_not: []
groupBies:
- kubernetes.pod_name
aggregation:
aggregationType: SUM
fieldToAggregateOn: error_count
shouldQueryOnAllAccounts: false
accountIdsToQueryOns:
- 12345
trigger:
operator: GREATER_THAN
severityThresholdTiers:
- severity: HIGH
threshold: 100
- severity: MEDIUM
threshold: 50
output:
shouldUseAllFields: false
columns:
- fieldName: kubernetes.pod_name
sort: DESC
correlations:
correlationOperators:
- AND
schedule:
cronExpression: '*/1 * * * *'
timezone: UTC
Metric Alert (Threshold)
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const metricAlertExample = new logzio.UnifiedAlert("metricAlertExample", {
dashboardId: "unified-dashboard-uid",
description: "Fire when 5xx requests exceed 5 req/min over 5 minutes.",
enabled: true,
folderId: "unified-folder-uid",
metricAlert: {
queries: [{
queryDefinition: {
datasourceUid: "prometheus",
promqlQuery: "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
refId: "A",
}],
recipients: {
emails: ["devops@company.com"],
notificationEndpointIds: [
11,
12,
],
},
severity: "INFO",
trigger: {
metricOperator: "ABOVE",
minThreshold: 5,
searchTimeframeMinutes: 5,
triggerType: "THRESHOLD",
},
},
panelId: "A",
runbook: "RCA: inspect ingress errors by pod and compare to last deploy. Check DB health. Propose rollback if sustained.",
tags: [
"environment:production",
"service:checkout",
],
title: "High 5xx rate (absolute)",
type: "METRIC_ALERT",
});
import pulumi
import pulumi_logzio as logzio
metric_alert_example = logzio.UnifiedAlert("metricAlertExample",
dashboard_id="unified-dashboard-uid",
description="Fire when 5xx requests exceed 5 req/min over 5 minutes.",
enabled=True,
folder_id="unified-folder-uid",
metric_alert={
"queries": [{
"query_definition": {
"datasource_uid": "prometheus",
"promql_query": "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
"ref_id": "A",
}],
"recipients": {
"emails": ["devops@company.com"],
"notification_endpoint_ids": [
11,
12,
],
},
"severity": "INFO",
"trigger": {
"metric_operator": "ABOVE",
"min_threshold": 5,
"search_timeframe_minutes": 5,
"trigger_type": "THRESHOLD",
},
},
panel_id="A",
runbook="RCA: inspect ingress errors by pod and compare to last deploy. Check DB health. Propose rollback if sustained.",
tags=[
"environment:production",
"service:checkout",
],
title="High 5xx rate (absolute)",
type="METRIC_ALERT")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logzio.NewUnifiedAlert(ctx, "metricAlertExample", &logzio.UnifiedAlertArgs{
DashboardId: pulumi.String("unified-dashboard-uid"),
Description: pulumi.String("Fire when 5xx requests exceed 5 req/min over 5 minutes."),
Enabled: pulumi.Bool(true),
FolderId: pulumi.String("unified-folder-uid"),
MetricAlert: &logzio.UnifiedAlertMetricAlertArgs{
Queries: logzio.UnifiedAlertMetricAlertQueryArray{
&logzio.UnifiedAlertMetricAlertQueryArgs{
QueryDefinition: &logzio.UnifiedAlertMetricAlertQueryQueryDefinitionArgs{
DatasourceUid: pulumi.String("prometheus"),
PromqlQuery: pulumi.String("sum(rate(http_requests_total{status=~\"5..\"}[5m]))"),
},
RefId: pulumi.String("A"),
},
},
Recipients: &logzio.UnifiedAlertMetricAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(11),
pulumi.Float64(12),
},
},
Severity: pulumi.String("INFO"),
Trigger: &logzio.UnifiedAlertMetricAlertTriggerArgs{
MetricOperator: pulumi.String("ABOVE"),
MinThreshold: pulumi.Float64(5),
SearchTimeframeMinutes: pulumi.Float64(5),
TriggerType: pulumi.String("THRESHOLD"),
},
},
PanelId: pulumi.String("A"),
Runbook: pulumi.String("RCA: inspect ingress errors by pod and compare to last deploy. Check DB health. Propose rollback if sustained."),
Tags: pulumi.StringArray{
pulumi.String("environment:production"),
pulumi.String("service:checkout"),
},
Title: pulumi.String("High 5xx rate (absolute)"),
Type: pulumi.String("METRIC_ALERT"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var metricAlertExample = new Logzio.UnifiedAlert("metricAlertExample", new()
{
DashboardId = "unified-dashboard-uid",
Description = "Fire when 5xx requests exceed 5 req/min over 5 minutes.",
Enabled = true,
FolderId = "unified-folder-uid",
MetricAlert = new Logzio.Inputs.UnifiedAlertMetricAlertArgs
{
Queries = new[]
{
new Logzio.Inputs.UnifiedAlertMetricAlertQueryArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertMetricAlertQueryQueryDefinitionArgs
{
DatasourceUid = "prometheus",
PromqlQuery = "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
RefId = "A",
},
},
Recipients = new Logzio.Inputs.UnifiedAlertMetricAlertRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
},
NotificationEndpointIds = new[]
{
11,
12,
},
},
Severity = "INFO",
Trigger = new Logzio.Inputs.UnifiedAlertMetricAlertTriggerArgs
{
MetricOperator = "ABOVE",
MinThreshold = 5,
SearchTimeframeMinutes = 5,
TriggerType = "THRESHOLD",
},
},
PanelId = "A",
Runbook = "RCA: inspect ingress errors by pod and compare to last deploy. Check DB health. Propose rollback if sustained.",
Tags = new[]
{
"environment:production",
"service:checkout",
},
Title = "High 5xx rate (absolute)",
Type = "METRIC_ALERT",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertMetricAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertMetricAlertRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertMetricAlertTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var metricAlertExample = new UnifiedAlert("metricAlertExample", UnifiedAlertArgs.builder()
.dashboardId("unified-dashboard-uid")
.description("Fire when 5xx requests exceed 5 req/min over 5 minutes.")
.enabled(true)
.folderId("unified-folder-uid")
.metricAlert(UnifiedAlertMetricAlertArgs.builder()
.queries(UnifiedAlertMetricAlertQueryArgs.builder()
.queryDefinition(UnifiedAlertMetricAlertQueryQueryDefinitionArgs.builder()
.datasourceUid("prometheus")
.promqlQuery("sum(rate(http_requests_total{status=~\"5..\"}[5m]))")
.build())
.refId("A")
.build())
.recipients(UnifiedAlertMetricAlertRecipientsArgs.builder()
.emails("devops@company.com")
.notificationEndpointIds(
11,
12)
.build())
.severity("INFO")
.trigger(UnifiedAlertMetricAlertTriggerArgs.builder()
.metricOperator("ABOVE")
.minThreshold(5)
.searchTimeframeMinutes(5)
.triggerType("THRESHOLD")
.build())
.build())
.panelId("A")
.runbook("RCA: inspect ingress errors by pod and compare to last deploy. Check DB health. Propose rollback if sustained.")
.tags(
"environment:production",
"service:checkout")
.title("High 5xx rate (absolute)")
.type("METRIC_ALERT")
.build());
}
}
resources:
metricAlertExample:
type: logzio:UnifiedAlert
properties:
dashboardId: unified-dashboard-uid
description: Fire when 5xx requests exceed 5 req/min over 5 minutes.
enabled: true
# Optional: Link to dashboards/runbooks
folderId: unified-folder-uid
metricAlert:
queries:
- queryDefinition:
datasourceUid: prometheus
promqlQuery: sum(rate(http_requests_total{status=~"5.."}[5m]))
refId: A
recipients:
emails:
- devops@company.com
notificationEndpointIds:
- 11
- 12
severity: INFO
trigger:
metricOperator: ABOVE
minThreshold: 5
searchTimeframeMinutes: 5
triggerType: THRESHOLD
panelId: A
runbook: 'RCA: inspect ingress errors by pod and compare to last deploy. Check DB health. Propose rollback if sustained.'
tags:
- environment:production
- service:checkout
title: High 5xx rate (absolute)
type: METRIC_ALERT
Metric Alert With Math Expression
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const metricMathAlert = new logzio.UnifiedAlert("metricMathAlert", {
description: "Fire when 5xx responses exceed 2% of total requests over 5 minutes.",
enabled: true,
metricAlert: {
queries: [
{
queryDefinition: {
datasourceUid: "prometheus",
promqlQuery: "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
refId: "A",
},
{
queryDefinition: {
datasourceUid: "prometheus",
promqlQuery: "sum(rate(http_requests_total[5m]))",
},
refId: "B",
},
],
recipients: {
emails: ["devops@company.com"],
notificationEndpointIds: [
11,
12,
],
},
severity: "INFO",
trigger: {
mathExpression: "(A / B) * 100",
metricOperator: "ABOVE",
minThreshold: 2,
searchTimeframeMinutes: 5,
triggerType: "MATH",
},
},
tags: [
"environment:production",
"service:checkout",
],
title: "5xx error rate percentage is high",
type: "METRIC_ALERT",
});
import pulumi
import pulumi_logzio as logzio
metric_math_alert = logzio.UnifiedAlert("metricMathAlert",
description="Fire when 5xx responses exceed 2% of total requests over 5 minutes.",
enabled=True,
metric_alert={
"queries": [
{
"query_definition": {
"datasource_uid": "prometheus",
"promql_query": "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
"ref_id": "A",
},
{
"query_definition": {
"datasource_uid": "prometheus",
"promql_query": "sum(rate(http_requests_total[5m]))",
},
"ref_id": "B",
},
],
"recipients": {
"emails": ["devops@company.com"],
"notification_endpoint_ids": [
11,
12,
],
},
"severity": "INFO",
"trigger": {
"math_expression": "(A / B) * 100",
"metric_operator": "ABOVE",
"min_threshold": 2,
"search_timeframe_minutes": 5,
"trigger_type": "MATH",
},
},
tags=[
"environment:production",
"service:checkout",
],
title="5xx error rate percentage is high",
type="METRIC_ALERT")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logzio.NewUnifiedAlert(ctx, "metricMathAlert", &logzio.UnifiedAlertArgs{
Description: pulumi.String("Fire when 5xx responses exceed 2% of total requests over 5 minutes."),
Enabled: pulumi.Bool(true),
MetricAlert: &logzio.UnifiedAlertMetricAlertArgs{
Queries: logzio.UnifiedAlertMetricAlertQueryArray{
&logzio.UnifiedAlertMetricAlertQueryArgs{
QueryDefinition: &logzio.UnifiedAlertMetricAlertQueryQueryDefinitionArgs{
DatasourceUid: pulumi.String("prometheus"),
PromqlQuery: pulumi.String("sum(rate(http_requests_total{status=~\"5..\"}[5m]))"),
},
RefId: pulumi.String("A"),
},
&logzio.UnifiedAlertMetricAlertQueryArgs{
QueryDefinition: &logzio.UnifiedAlertMetricAlertQueryQueryDefinitionArgs{
DatasourceUid: pulumi.String("prometheus"),
PromqlQuery: pulumi.String("sum(rate(http_requests_total[5m]))"),
},
RefId: pulumi.String("B"),
},
},
Recipients: &logzio.UnifiedAlertMetricAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(11),
pulumi.Float64(12),
},
},
Severity: pulumi.String("INFO"),
Trigger: &logzio.UnifiedAlertMetricAlertTriggerArgs{
MathExpression: pulumi.String("(A / B) * 100"),
MetricOperator: pulumi.String("ABOVE"),
MinThreshold: pulumi.Float64(2),
SearchTimeframeMinutes: pulumi.Float64(5),
TriggerType: pulumi.String("MATH"),
},
},
Tags: pulumi.StringArray{
pulumi.String("environment:production"),
pulumi.String("service:checkout"),
},
Title: pulumi.String("5xx error rate percentage is high"),
Type: pulumi.String("METRIC_ALERT"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var metricMathAlert = new Logzio.UnifiedAlert("metricMathAlert", new()
{
Description = "Fire when 5xx responses exceed 2% of total requests over 5 minutes.",
Enabled = true,
MetricAlert = new Logzio.Inputs.UnifiedAlertMetricAlertArgs
{
Queries = new[]
{
new Logzio.Inputs.UnifiedAlertMetricAlertQueryArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertMetricAlertQueryQueryDefinitionArgs
{
DatasourceUid = "prometheus",
PromqlQuery = "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
RefId = "A",
},
new Logzio.Inputs.UnifiedAlertMetricAlertQueryArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertMetricAlertQueryQueryDefinitionArgs
{
DatasourceUid = "prometheus",
PromqlQuery = "sum(rate(http_requests_total[5m]))",
},
RefId = "B",
},
},
Recipients = new Logzio.Inputs.UnifiedAlertMetricAlertRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
},
NotificationEndpointIds = new[]
{
11,
12,
},
},
Severity = "INFO",
Trigger = new Logzio.Inputs.UnifiedAlertMetricAlertTriggerArgs
{
MathExpression = "(A / B) * 100",
MetricOperator = "ABOVE",
MinThreshold = 2,
SearchTimeframeMinutes = 5,
TriggerType = "MATH",
},
},
Tags = new[]
{
"environment:production",
"service:checkout",
},
Title = "5xx error rate percentage is high",
Type = "METRIC_ALERT",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertMetricAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertMetricAlertRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertMetricAlertTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var metricMathAlert = new UnifiedAlert("metricMathAlert", UnifiedAlertArgs.builder()
.description("Fire when 5xx responses exceed 2% of total requests over 5 minutes.")
.enabled(true)
.metricAlert(UnifiedAlertMetricAlertArgs.builder()
.queries(
UnifiedAlertMetricAlertQueryArgs.builder()
.queryDefinition(UnifiedAlertMetricAlertQueryQueryDefinitionArgs.builder()
.datasourceUid("prometheus")
.promqlQuery("sum(rate(http_requests_total{status=~\"5..\"}[5m]))")
.build())
.refId("A")
.build(),
UnifiedAlertMetricAlertQueryArgs.builder()
.queryDefinition(UnifiedAlertMetricAlertQueryQueryDefinitionArgs.builder()
.datasourceUid("prometheus")
.promqlQuery("sum(rate(http_requests_total[5m]))")
.build())
.refId("B")
.build())
.recipients(UnifiedAlertMetricAlertRecipientsArgs.builder()
.emails("devops@company.com")
.notificationEndpointIds(
11,
12)
.build())
.severity("INFO")
.trigger(UnifiedAlertMetricAlertTriggerArgs.builder()
.mathExpression("(A / B) * 100")
.metricOperator("ABOVE")
.minThreshold(2)
.searchTimeframeMinutes(5)
.triggerType("MATH")
.build())
.build())
.tags(
"environment:production",
"service:checkout")
.title("5xx error rate percentage is high")
.type("METRIC_ALERT")
.build());
}
}
resources:
metricMathAlert:
type: logzio:UnifiedAlert
properties:
description: Fire when 5xx responses exceed 2% of total requests over 5 minutes.
enabled: true
metricAlert:
queries:
- queryDefinition:
datasourceUid: prometheus
promqlQuery: sum(rate(http_requests_total{status=~"5.."}[5m]))
refId: A
- queryDefinition:
datasourceUid: prometheus
promqlQuery: sum(rate(http_requests_total[5m]))
refId: B
recipients:
emails:
- devops@company.com
notificationEndpointIds:
- 11
- 12
severity: INFO
trigger:
mathExpression: (A / B) * 100
metricOperator: ABOVE
minThreshold: 2
searchTimeframeMinutes: 5
triggerType: MATH
tags:
- environment:production
- service:checkout
title: 5xx error rate percentage is high
type: METRIC_ALERT
Create UnifiedAlert Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UnifiedAlert(name: string, args: UnifiedAlertArgs, opts?: CustomResourceOptions);@overload
def UnifiedAlert(resource_name: str,
args: UnifiedAlertArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UnifiedAlert(resource_name: str,
opts: Optional[ResourceOptions] = None,
title: Optional[str] = None,
type: Optional[str] = None,
panel_id: Optional[str] = None,
folder_id: Optional[str] = None,
log_alert: Optional[UnifiedAlertLogAlertArgs] = None,
metric_alert: Optional[UnifiedAlertMetricAlertArgs] = None,
dashboard_id: Optional[str] = None,
rca: Optional[bool] = None,
rca_notification_endpoint_ids: Optional[Sequence[float]] = None,
runbook: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
description: Optional[str] = None,
unified_alert_id: Optional[str] = None,
use_alert_notification_endpoints_for_rca: Optional[bool] = None)func NewUnifiedAlert(ctx *Context, name string, args UnifiedAlertArgs, opts ...ResourceOption) (*UnifiedAlert, error)public UnifiedAlert(string name, UnifiedAlertArgs args, CustomResourceOptions? opts = null)
public UnifiedAlert(String name, UnifiedAlertArgs args)
public UnifiedAlert(String name, UnifiedAlertArgs args, CustomResourceOptions options)
type: logzio:UnifiedAlert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var unifiedAlertResource = new Logzio.UnifiedAlert("unifiedAlertResource", new()
{
Title = "string",
Type = "string",
PanelId = "string",
FolderId = "string",
LogAlert = new Logzio.Inputs.UnifiedAlertLogAlertArgs
{
Output = new Logzio.Inputs.UnifiedAlertLogAlertOutputArgs
{
Recipients = new Logzio.Inputs.UnifiedAlertLogAlertOutputRecipientsArgs
{
Emails = new[]
{
"string",
},
NotificationEndpointIds = new[]
{
0,
},
},
Type = "string",
SuppressNotificationsMinutes = 0,
},
SearchTimeframeMinutes = 0,
SubComponents = new[]
{
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentQueryDefinitionArgs
{
Query = "string",
AccountIdsToQueryOns = new[]
{
0,
},
Aggregation = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs
{
AggregationType = "string",
FieldToAggregateOn = "string",
ValueToAggregateOn = "string",
},
Filters = "string",
GroupBies = new[]
{
"string",
},
ShouldQueryOnAllAccounts = false,
},
Trigger = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentTriggerArgs
{
Operator = "string",
SeverityThresholdTiers = new[]
{
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "string",
Threshold = 0,
},
},
},
Output = new Logzio.Inputs.UnifiedAlertLogAlertSubComponentOutputArgs
{
Columns = new[]
{
new Logzio.Inputs.UnifiedAlertLogAlertSubComponentOutputColumnArgs
{
FieldName = "string",
Regex = "string",
Sort = "string",
},
},
ShouldUseAllFields = false,
},
},
},
Correlations = new Logzio.Inputs.UnifiedAlertLogAlertCorrelationsArgs
{
CorrelationOperators = new[]
{
"string",
},
Joins = new[]
{
{
{ "string", "string" },
},
},
},
Schedule = new Logzio.Inputs.UnifiedAlertLogAlertScheduleArgs
{
CronExpression = "string",
Timezone = "string",
},
},
MetricAlert = new Logzio.Inputs.UnifiedAlertMetricAlertArgs
{
Queries = new[]
{
new Logzio.Inputs.UnifiedAlertMetricAlertQueryArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertMetricAlertQueryQueryDefinitionArgs
{
DatasourceUid = "string",
PromqlQuery = "string",
},
RefId = "string",
},
},
Recipients = new Logzio.Inputs.UnifiedAlertMetricAlertRecipientsArgs
{
Emails = new[]
{
"string",
},
NotificationEndpointIds = new[]
{
0,
},
},
Severity = "string",
Trigger = new Logzio.Inputs.UnifiedAlertMetricAlertTriggerArgs
{
SearchTimeframeMinutes = 0,
TriggerType = "string",
MathExpression = "string",
MaxThreshold = 0,
MetricOperator = "string",
MinThreshold = 0,
},
},
DashboardId = "string",
Rca = false,
RcaNotificationEndpointIds = new[]
{
0,
},
Runbook = "string",
Tags = new[]
{
"string",
},
Enabled = false,
Description = "string",
UnifiedAlertId = "string",
UseAlertNotificationEndpointsForRca = false,
});
example, err := logzio.NewUnifiedAlert(ctx, "unifiedAlertResource", &logzio.UnifiedAlertArgs{
Title: pulumi.String("string"),
Type: pulumi.String("string"),
PanelId: pulumi.String("string"),
FolderId: pulumi.String("string"),
LogAlert: &logzio.UnifiedAlertLogAlertArgs{
Output: &logzio.UnifiedAlertLogAlertOutputTypeArgs{
Recipients: &logzio.UnifiedAlertLogAlertOutputRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("string"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(0),
},
},
Type: pulumi.String("string"),
SuppressNotificationsMinutes: pulumi.Float64(0),
},
SearchTimeframeMinutes: pulumi.Float64(0),
SubComponents: logzio.UnifiedAlertLogAlertSubComponentArray{
&logzio.UnifiedAlertLogAlertSubComponentArgs{
QueryDefinition: &logzio.UnifiedAlertLogAlertSubComponentQueryDefinitionArgs{
Query: pulumi.String("string"),
AccountIdsToQueryOns: pulumi.Float64Array{
pulumi.Float64(0),
},
Aggregation: &logzio.UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs{
AggregationType: pulumi.String("string"),
FieldToAggregateOn: pulumi.String("string"),
ValueToAggregateOn: pulumi.String("string"),
},
Filters: pulumi.String("string"),
GroupBies: pulumi.StringArray{
pulumi.String("string"),
},
ShouldQueryOnAllAccounts: pulumi.Bool(false),
},
Trigger: &logzio.UnifiedAlertLogAlertSubComponentTriggerArgs{
Operator: pulumi.String("string"),
SeverityThresholdTiers: logzio.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArray{
&logzio.UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("string"),
Threshold: pulumi.Float64(0),
},
},
},
Output: &logzio.UnifiedAlertLogAlertSubComponentOutputTypeArgs{
Columns: logzio.UnifiedAlertLogAlertSubComponentOutputColumnArray{
&logzio.UnifiedAlertLogAlertSubComponentOutputColumnArgs{
FieldName: pulumi.String("string"),
Regex: pulumi.String("string"),
Sort: pulumi.String("string"),
},
},
ShouldUseAllFields: pulumi.Bool(false),
},
},
},
Correlations: &logzio.UnifiedAlertLogAlertCorrelationsArgs{
CorrelationOperators: pulumi.StringArray{
pulumi.String("string"),
},
Joins: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
},
Schedule: &logzio.UnifiedAlertLogAlertScheduleArgs{
CronExpression: pulumi.String("string"),
Timezone: pulumi.String("string"),
},
},
MetricAlert: &logzio.UnifiedAlertMetricAlertArgs{
Queries: logzio.UnifiedAlertMetricAlertQueryArray{
&logzio.UnifiedAlertMetricAlertQueryArgs{
QueryDefinition: &logzio.UnifiedAlertMetricAlertQueryQueryDefinitionArgs{
DatasourceUid: pulumi.String("string"),
PromqlQuery: pulumi.String("string"),
},
RefId: pulumi.String("string"),
},
},
Recipients: &logzio.UnifiedAlertMetricAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("string"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(0),
},
},
Severity: pulumi.String("string"),
Trigger: &logzio.UnifiedAlertMetricAlertTriggerArgs{
SearchTimeframeMinutes: pulumi.Float64(0),
TriggerType: pulumi.String("string"),
MathExpression: pulumi.String("string"),
MaxThreshold: pulumi.Float64(0),
MetricOperator: pulumi.String("string"),
MinThreshold: pulumi.Float64(0),
},
},
DashboardId: pulumi.String("string"),
Rca: pulumi.Bool(false),
RcaNotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(0),
},
Runbook: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Description: pulumi.String("string"),
UnifiedAlertId: pulumi.String("string"),
UseAlertNotificationEndpointsForRca: pulumi.Bool(false),
})
var unifiedAlertResource = new UnifiedAlert("unifiedAlertResource", UnifiedAlertArgs.builder()
.title("string")
.type("string")
.panelId("string")
.folderId("string")
.logAlert(UnifiedAlertLogAlertArgs.builder()
.output(UnifiedAlertLogAlertOutputArgs.builder()
.recipients(UnifiedAlertLogAlertOutputRecipientsArgs.builder()
.emails("string")
.notificationEndpointIds(0.0)
.build())
.type("string")
.suppressNotificationsMinutes(0.0)
.build())
.searchTimeframeMinutes(0.0)
.subComponents(UnifiedAlertLogAlertSubComponentArgs.builder()
.queryDefinition(UnifiedAlertLogAlertSubComponentQueryDefinitionArgs.builder()
.query("string")
.accountIdsToQueryOns(0.0)
.aggregation(UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs.builder()
.aggregationType("string")
.fieldToAggregateOn("string")
.valueToAggregateOn("string")
.build())
.filters("string")
.groupBies("string")
.shouldQueryOnAllAccounts(false)
.build())
.trigger(UnifiedAlertLogAlertSubComponentTriggerArgs.builder()
.operator("string")
.severityThresholdTiers(UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("string")
.threshold(0.0)
.build())
.build())
.output(UnifiedAlertLogAlertSubComponentOutputArgs.builder()
.columns(UnifiedAlertLogAlertSubComponentOutputColumnArgs.builder()
.fieldName("string")
.regex("string")
.sort("string")
.build())
.shouldUseAllFields(false)
.build())
.build())
.correlations(UnifiedAlertLogAlertCorrelationsArgs.builder()
.correlationOperators("string")
.joins(Map.of("string", "string"))
.build())
.schedule(UnifiedAlertLogAlertScheduleArgs.builder()
.cronExpression("string")
.timezone("string")
.build())
.build())
.metricAlert(UnifiedAlertMetricAlertArgs.builder()
.queries(UnifiedAlertMetricAlertQueryArgs.builder()
.queryDefinition(UnifiedAlertMetricAlertQueryQueryDefinitionArgs.builder()
.datasourceUid("string")
.promqlQuery("string")
.build())
.refId("string")
.build())
.recipients(UnifiedAlertMetricAlertRecipientsArgs.builder()
.emails("string")
.notificationEndpointIds(0.0)
.build())
.severity("string")
.trigger(UnifiedAlertMetricAlertTriggerArgs.builder()
.searchTimeframeMinutes(0.0)
.triggerType("string")
.mathExpression("string")
.maxThreshold(0.0)
.metricOperator("string")
.minThreshold(0.0)
.build())
.build())
.dashboardId("string")
.rca(false)
.rcaNotificationEndpointIds(0.0)
.runbook("string")
.tags("string")
.enabled(false)
.description("string")
.unifiedAlertId("string")
.useAlertNotificationEndpointsForRca(false)
.build());
unified_alert_resource = logzio.UnifiedAlert("unifiedAlertResource",
title="string",
type="string",
panel_id="string",
folder_id="string",
log_alert={
"output": {
"recipients": {
"emails": ["string"],
"notification_endpoint_ids": [0],
},
"type": "string",
"suppress_notifications_minutes": 0,
},
"search_timeframe_minutes": 0,
"sub_components": [{
"query_definition": {
"query": "string",
"account_ids_to_query_ons": [0],
"aggregation": {
"aggregation_type": "string",
"field_to_aggregate_on": "string",
"value_to_aggregate_on": "string",
},
"filters": "string",
"group_bies": ["string"],
"should_query_on_all_accounts": False,
},
"trigger": {
"operator": "string",
"severity_threshold_tiers": [{
"severity": "string",
"threshold": 0,
}],
},
"output": {
"columns": [{
"field_name": "string",
"regex": "string",
"sort": "string",
}],
"should_use_all_fields": False,
},
}],
"correlations": {
"correlation_operators": ["string"],
"joins": [{
"string": "string",
}],
},
"schedule": {
"cron_expression": "string",
"timezone": "string",
},
},
metric_alert={
"queries": [{
"query_definition": {
"datasource_uid": "string",
"promql_query": "string",
},
"ref_id": "string",
}],
"recipients": {
"emails": ["string"],
"notification_endpoint_ids": [0],
},
"severity": "string",
"trigger": {
"search_timeframe_minutes": 0,
"trigger_type": "string",
"math_expression": "string",
"max_threshold": 0,
"metric_operator": "string",
"min_threshold": 0,
},
},
dashboard_id="string",
rca=False,
rca_notification_endpoint_ids=[0],
runbook="string",
tags=["string"],
enabled=False,
description="string",
unified_alert_id="string",
use_alert_notification_endpoints_for_rca=False)
const unifiedAlertResource = new logzio.UnifiedAlert("unifiedAlertResource", {
title: "string",
type: "string",
panelId: "string",
folderId: "string",
logAlert: {
output: {
recipients: {
emails: ["string"],
notificationEndpointIds: [0],
},
type: "string",
suppressNotificationsMinutes: 0,
},
searchTimeframeMinutes: 0,
subComponents: [{
queryDefinition: {
query: "string",
accountIdsToQueryOns: [0],
aggregation: {
aggregationType: "string",
fieldToAggregateOn: "string",
valueToAggregateOn: "string",
},
filters: "string",
groupBies: ["string"],
shouldQueryOnAllAccounts: false,
},
trigger: {
operator: "string",
severityThresholdTiers: [{
severity: "string",
threshold: 0,
}],
},
output: {
columns: [{
fieldName: "string",
regex: "string",
sort: "string",
}],
shouldUseAllFields: false,
},
}],
correlations: {
correlationOperators: ["string"],
joins: [{
string: "string",
}],
},
schedule: {
cronExpression: "string",
timezone: "string",
},
},
metricAlert: {
queries: [{
queryDefinition: {
datasourceUid: "string",
promqlQuery: "string",
},
refId: "string",
}],
recipients: {
emails: ["string"],
notificationEndpointIds: [0],
},
severity: "string",
trigger: {
searchTimeframeMinutes: 0,
triggerType: "string",
mathExpression: "string",
maxThreshold: 0,
metricOperator: "string",
minThreshold: 0,
},
},
dashboardId: "string",
rca: false,
rcaNotificationEndpointIds: [0],
runbook: "string",
tags: ["string"],
enabled: false,
description: "string",
unifiedAlertId: "string",
useAlertNotificationEndpointsForRca: false,
});
type: logzio:UnifiedAlert
properties:
dashboardId: string
description: string
enabled: false
folderId: string
logAlert:
correlations:
correlationOperators:
- string
joins:
- string: string
output:
recipients:
emails:
- string
notificationEndpointIds:
- 0
suppressNotificationsMinutes: 0
type: string
schedule:
cronExpression: string
timezone: string
searchTimeframeMinutes: 0
subComponents:
- output:
columns:
- fieldName: string
regex: string
sort: string
shouldUseAllFields: false
queryDefinition:
accountIdsToQueryOns:
- 0
aggregation:
aggregationType: string
fieldToAggregateOn: string
valueToAggregateOn: string
filters: string
groupBies:
- string
query: string
shouldQueryOnAllAccounts: false
trigger:
operator: string
severityThresholdTiers:
- severity: string
threshold: 0
metricAlert:
queries:
- queryDefinition:
datasourceUid: string
promqlQuery: string
refId: string
recipients:
emails:
- string
notificationEndpointIds:
- 0
severity: string
trigger:
mathExpression: string
maxThreshold: 0
metricOperator: string
minThreshold: 0
searchTimeframeMinutes: 0
triggerType: string
panelId: string
rca: false
rcaNotificationEndpointIds:
- 0
runbook: string
tags:
- string
title: string
type: string
unifiedAlertId: string
useAlertNotificationEndpointsForRca: false
UnifiedAlert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The UnifiedAlert resource accepts the following input properties:
- Title string
- Type string
- Dashboard
Id string - Description string
- Enabled bool
- Folder
Id string - Log
Alert UnifiedAlert Log Alert - Metric
Alert UnifiedAlert Metric Alert - Panel
Id string - Rca bool
- Rca
Notification List<double>Endpoint Ids - Runbook string
- List<string>
- Unified
Alert stringId - Use
Alert boolNotification Endpoints For Rca
- Title string
- Type string
- Dashboard
Id string - Description string
- Enabled bool
- Folder
Id string - Log
Alert UnifiedAlert Log Alert Args - Metric
Alert UnifiedAlert Metric Alert Args - Panel
Id string - Rca bool
- Rca
Notification []float64Endpoint Ids - Runbook string
- []string
- Unified
Alert stringId - Use
Alert boolNotification Endpoints For Rca
- title String
- type String
- dashboard
Id String - description String
- enabled Boolean
- folder
Id String - log
Alert UnifiedAlert Log Alert - metric
Alert UnifiedAlert Metric Alert - panel
Id String - rca Boolean
- rca
Notification List<Double>Endpoint Ids - runbook String
- List<String>
- unified
Alert StringId - use
Alert BooleanNotification Endpoints For Rca
- title string
- type string
- dashboard
Id string - description string
- enabled boolean
- folder
Id string - log
Alert UnifiedAlert Log Alert - metric
Alert UnifiedAlert Metric Alert - panel
Id string - rca boolean
- rca
Notification number[]Endpoint Ids - runbook string
- string[]
- unified
Alert stringId - use
Alert booleanNotification Endpoints For Rca
- title str
- type str
- dashboard_
id str - description str
- enabled bool
- folder_
id str - log_
alert UnifiedAlert Log Alert Args - metric_
alert UnifiedAlert Metric Alert Args - panel_
id str - rca bool
- rca_
notification_ Sequence[float]endpoint_ ids - runbook str
- Sequence[str]
- unified_
alert_ strid - use_
alert_ boolnotification_ endpoints_ for_ rca
- title String
- type String
- dashboard
Id String - description String
- enabled Boolean
- folder
Id String - log
Alert Property Map - metric
Alert Property Map - panel
Id String - rca Boolean
- rca
Notification List<Number>Endpoint Ids - runbook String
- List<String>
- unified
Alert StringId - use
Alert BooleanNotification Endpoints For Rca
Outputs
All input properties are implicitly available as output properties. Additionally, the UnifiedAlert resource produces the following output properties:
- alert_
id str - The unique alert identifier assigned by Logz.io.
- created_
at float - Unix timestamp (float) of alert creation.
- id str
- The provider-assigned unique ID for this managed resource.
- updated_
at float - Unix timestamp (float) of last update.
Look up Existing UnifiedAlert Resource
Get an existing UnifiedAlert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UnifiedAlertState, opts?: CustomResourceOptions): UnifiedAlert@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_id: Optional[str] = None,
created_at: Optional[float] = None,
dashboard_id: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
folder_id: Optional[str] = None,
log_alert: Optional[UnifiedAlertLogAlertArgs] = None,
metric_alert: Optional[UnifiedAlertMetricAlertArgs] = None,
panel_id: Optional[str] = None,
rca: Optional[bool] = None,
rca_notification_endpoint_ids: Optional[Sequence[float]] = None,
runbook: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
title: Optional[str] = None,
type: Optional[str] = None,
unified_alert_id: Optional[str] = None,
updated_at: Optional[float] = None,
use_alert_notification_endpoints_for_rca: Optional[bool] = None) -> UnifiedAlertfunc GetUnifiedAlert(ctx *Context, name string, id IDInput, state *UnifiedAlertState, opts ...ResourceOption) (*UnifiedAlert, error)public static UnifiedAlert Get(string name, Input<string> id, UnifiedAlertState? state, CustomResourceOptions? opts = null)public static UnifiedAlert get(String name, Output<String> id, UnifiedAlertState state, CustomResourceOptions options)resources: _: type: logzio:UnifiedAlert get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alert
Id string - The unique alert identifier assigned by Logz.io.
- Created
At double - Unix timestamp (float) of alert creation.
- Dashboard
Id string - Description string
- Enabled bool
- Folder
Id string - Log
Alert UnifiedAlert Log Alert - Metric
Alert UnifiedAlert Metric Alert - Panel
Id string - Rca bool
- Rca
Notification List<double>Endpoint Ids - Runbook string
- List<string>
- Title string
- Type string
- Unified
Alert stringId - Updated
At double - Unix timestamp (float) of last update.
- Use
Alert boolNotification Endpoints For Rca
- Alert
Id string - The unique alert identifier assigned by Logz.io.
- Created
At float64 - Unix timestamp (float) of alert creation.
- Dashboard
Id string - Description string
- Enabled bool
- Folder
Id string - Log
Alert UnifiedAlert Log Alert Args - Metric
Alert UnifiedAlert Metric Alert Args - Panel
Id string - Rca bool
- Rca
Notification []float64Endpoint Ids - Runbook string
- []string
- Title string
- Type string
- Unified
Alert stringId - Updated
At float64 - Unix timestamp (float) of last update.
- Use
Alert boolNotification Endpoints For Rca
- alert
Id String - The unique alert identifier assigned by Logz.io.
- created
At Double - Unix timestamp (float) of alert creation.
- dashboard
Id String - description String
- enabled Boolean
- folder
Id String - log
Alert UnifiedAlert Log Alert - metric
Alert UnifiedAlert Metric Alert - panel
Id String - rca Boolean
- rca
Notification List<Double>Endpoint Ids - runbook String
- List<String>
- title String
- type String
- unified
Alert StringId - updated
At Double - Unix timestamp (float) of last update.
- use
Alert BooleanNotification Endpoints For Rca
- alert
Id string - The unique alert identifier assigned by Logz.io.
- created
At number - Unix timestamp (float) of alert creation.
- dashboard
Id string - description string
- enabled boolean
- folder
Id string - log
Alert UnifiedAlert Log Alert - metric
Alert UnifiedAlert Metric Alert - panel
Id string - rca boolean
- rca
Notification number[]Endpoint Ids - runbook string
- string[]
- title string
- type string
- unified
Alert stringId - updated
At number - Unix timestamp (float) of last update.
- use
Alert booleanNotification Endpoints For Rca
- alert_
id str - The unique alert identifier assigned by Logz.io.
- created_
at float - Unix timestamp (float) of alert creation.
- dashboard_
id str - description str
- enabled bool
- folder_
id str - log_
alert UnifiedAlert Log Alert Args - metric_
alert UnifiedAlert Metric Alert Args - panel_
id str - rca bool
- rca_
notification_ Sequence[float]endpoint_ ids - runbook str
- Sequence[str]
- title str
- type str
- unified_
alert_ strid - updated_
at float - Unix timestamp (float) of last update.
- use_
alert_ boolnotification_ endpoints_ for_ rca
- alert
Id String - The unique alert identifier assigned by Logz.io.
- created
At Number - Unix timestamp (float) of alert creation.
- dashboard
Id String - description String
- enabled Boolean
- folder
Id String - log
Alert Property Map - metric
Alert Property Map - panel
Id String - rca Boolean
- rca
Notification List<Number>Endpoint Ids - runbook String
- List<String>
- title String
- type String
- unified
Alert StringId - updated
At Number - Unix timestamp (float) of last update.
- use
Alert BooleanNotification Endpoints For Rca
Supporting Types
UnifiedAlertLogAlert, UnifiedAlertLogAlertArgs
- Output
Unified
Alert Log Alert Output - Notification configuration. See Log Alert Output below.
- Search
Timeframe doubleMinutes - Time window in minutes for log evaluation.
- Sub
Components List<UnifiedAlert Log Alert Sub Component> - Detection rules. At least one required. See Sub Component below.
- Correlations
Unified
Alert Log Alert Correlations - Correlation logic between sub-components. See Correlations below.
- Schedule
Unified
Alert Log Alert Schedule - Cron-based evaluation schedule. See Schedule below.
- Output
Unified
Alert Log Alert Output Type - Notification configuration. See Log Alert Output below.
- Search
Timeframe float64Minutes - Time window in minutes for log evaluation.
- Sub
Components []UnifiedAlert Log Alert Sub Component - Detection rules. At least one required. See Sub Component below.
- Correlations
Unified
Alert Log Alert Correlations - Correlation logic between sub-components. See Correlations below.
- Schedule
Unified
Alert Log Alert Schedule - Cron-based evaluation schedule. See Schedule below.
- output
Unified
Alert Log Alert Output - Notification configuration. See Log Alert Output below.
- search
Timeframe DoubleMinutes - Time window in minutes for log evaluation.
- sub
Components List<UnifiedAlert Log Alert Sub Component> - Detection rules. At least one required. See Sub Component below.
- correlations
Unified
Alert Log Alert Correlations - Correlation logic between sub-components. See Correlations below.
- schedule
Unified
Alert Log Alert Schedule - Cron-based evaluation schedule. See Schedule below.
- output
Unified
Alert Log Alert Output - Notification configuration. See Log Alert Output below.
- search
Timeframe numberMinutes - Time window in minutes for log evaluation.
- sub
Components UnifiedAlert Log Alert Sub Component[] - Detection rules. At least one required. See Sub Component below.
- correlations
Unified
Alert Log Alert Correlations - Correlation logic between sub-components. See Correlations below.
- schedule
Unified
Alert Log Alert Schedule - Cron-based evaluation schedule. See Schedule below.
- output
Unified
Alert Log Alert Output - Notification configuration. See Log Alert Output below.
- search_
timeframe_ floatminutes - Time window in minutes for log evaluation.
- sub_
components Sequence[UnifiedAlert Log Alert Sub Component] - Detection rules. At least one required. See Sub Component below.
- correlations
Unified
Alert Log Alert Correlations - Correlation logic between sub-components. See Correlations below.
- schedule
Unified
Alert Log Alert Schedule - Cron-based evaluation schedule. See Schedule below.
- output Property Map
- Notification configuration. See Log Alert Output below.
- search
Timeframe NumberMinutes - Time window in minutes for log evaluation.
- sub
Components List<Property Map> - Detection rules. At least one required. See Sub Component below.
- correlations Property Map
- Correlation logic between sub-components. See Correlations below.
- schedule Property Map
- Cron-based evaluation schedule. See Schedule below.
UnifiedAlertLogAlertCorrelations, UnifiedAlertLogAlertCorrelationsArgs
- Correlation
Operators List<string> - Correlation operators (e.g.,
["AND"]). - Joins
List<Immutable
Dictionary<string, string>> - Join configurations.
- Correlation
Operators []string - Correlation operators (e.g.,
["AND"]). - Joins []map[string]string
- Join configurations.
- correlation
Operators List<String> - Correlation operators (e.g.,
["AND"]). - joins List<Map<String,String>>
- Join configurations.
- correlation
Operators string[] - Correlation operators (e.g.,
["AND"]). - joins {[key: string]: string}[]
- Join configurations.
- correlation_
operators Sequence[str] - Correlation operators (e.g.,
["AND"]). - joins Sequence[Mapping[str, str]]
- Join configurations.
- correlation
Operators List<String> - Correlation operators (e.g.,
["AND"]). - joins List<Map<String>>
- Join configurations.
UnifiedAlertLogAlertOutput, UnifiedAlertLogAlertOutputArgs
- Recipients
Unified
Alert Log Alert Output Recipients - Who receives notifications. See Recipients below.
- Type string
- Output format. Must be
JSONorTABLE. - Suppress
Notifications doubleMinutes - Mute period after alert fires.
- Recipients
Unified
Alert Log Alert Output Recipients - Who receives notifications. See Recipients below.
- Type string
- Output format. Must be
JSONorTABLE. - Suppress
Notifications float64Minutes - Mute period after alert fires.
- recipients
Unified
Alert Log Alert Output Recipients - Who receives notifications. See Recipients below.
- type String
- Output format. Must be
JSONorTABLE. - suppress
Notifications DoubleMinutes - Mute period after alert fires.
- recipients
Unified
Alert Log Alert Output Recipients - Who receives notifications. See Recipients below.
- type string
- Output format. Must be
JSONorTABLE. - suppress
Notifications numberMinutes - Mute period after alert fires.
- recipients
Unified
Alert Log Alert Output Recipients - Who receives notifications. See Recipients below.
- type str
- Output format. Must be
JSONorTABLE. - suppress_
notifications_ floatminutes - Mute period after alert fires.
- recipients Property Map
- Who receives notifications. See Recipients below.
- type String
- Output format. Must be
JSONorTABLE. - suppress
Notifications NumberMinutes - Mute period after alert fires.
UnifiedAlertLogAlertOutputRecipients, UnifiedAlertLogAlertOutputRecipientsArgs
- Emails List<string>
- Email addresses for notifications.
- Notification
Endpoint List<double>Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- Emails []string
- Email addresses for notifications.
- Notification
Endpoint []float64Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails List<String>
- Email addresses for notifications.
- notification
Endpoint List<Double>Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails string[]
- Email addresses for notifications.
- notification
Endpoint number[]Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails Sequence[str]
- Email addresses for notifications.
- notification_
endpoint_ Sequence[float]ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails List<String>
- Email addresses for notifications.
- notification
Endpoint List<Number>Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
UnifiedAlertLogAlertSchedule, UnifiedAlertLogAlertScheduleArgs
- Cron
Expression string - Standard cron expression (e.g.,
"*/5 * * * *"= every 5 minutes). - Timezone string
- Timezone for the cron expression. Default:
UTC.
- Cron
Expression string - Standard cron expression (e.g.,
"*/5 * * * *"= every 5 minutes). - Timezone string
- Timezone for the cron expression. Default:
UTC.
- cron
Expression String - Standard cron expression (e.g.,
"*/5 * * * *"= every 5 minutes). - timezone String
- Timezone for the cron expression. Default:
UTC.
- cron
Expression string - Standard cron expression (e.g.,
"*/5 * * * *"= every 5 minutes). - timezone string
- Timezone for the cron expression. Default:
UTC.
- cron_
expression str - Standard cron expression (e.g.,
"*/5 * * * *"= every 5 minutes). - timezone str
- Timezone for the cron expression. Default:
UTC.
- cron
Expression String - Standard cron expression (e.g.,
"*/5 * * * *"= every 5 minutes). - timezone String
- Timezone for the cron expression. Default:
UTC.
UnifiedAlertLogAlertSubComponent, UnifiedAlertLogAlertSubComponentArgs
- Query
Definition UnifiedAlert Log Alert Sub Component Query Definition - The query configuration. See Query Definition below.
- Trigger
Unified
Alert Log Alert Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- Output
Unified
Alert Log Alert Sub Component Output - Output configuration. See Sub Component Output below.
- Query
Definition UnifiedAlert Log Alert Sub Component Query Definition - The query configuration. See Query Definition below.
- Trigger
Unified
Alert Log Alert Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- Output
Unified
Alert Log Alert Sub Component Output Type - Output configuration. See Sub Component Output below.
- query
Definition UnifiedAlert Log Alert Sub Component Query Definition - The query configuration. See Query Definition below.
- trigger
Unified
Alert Log Alert Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- output
Unified
Alert Log Alert Sub Component Output - Output configuration. See Sub Component Output below.
- query
Definition UnifiedAlert Log Alert Sub Component Query Definition - The query configuration. See Query Definition below.
- trigger
Unified
Alert Log Alert Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- output
Unified
Alert Log Alert Sub Component Output - Output configuration. See Sub Component Output below.
- query_
definition UnifiedAlert Log Alert Sub Component Query Definition - The query configuration. See Query Definition below.
- trigger
Unified
Alert Log Alert Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- output
Unified
Alert Log Alert Sub Component Output - Output configuration. See Sub Component Output below.
- query
Definition Property Map - The query configuration. See Query Definition below.
- trigger Property Map
- Trigger conditions. See Sub Component Trigger below.
- output Property Map
- Output configuration. See Sub Component Output below.
UnifiedAlertLogAlertSubComponentOutput, UnifiedAlertLogAlertSubComponentOutputArgs
- Columns
List<Unified
Alert Log Alert Sub Component Output Column> Column configurations. See Column Config below.
Important: Custom
columnsare only valid whenaggregation_type = "NONE".- If using any aggregation (
COUNT,SUM,AVG,MIN,MAX,UNIQUE_COUNT): Must setshould_use_all_fields = trueand cannot specifycolumns. - If using
aggregation_type = "NONE": Can setshould_use_all_fields = falseand specify customcolumns.
Example with aggregation (no custom columns):
- If using any aggregation (
- Should
Use boolAll Fields - Whether to use all fields in output. Default:
false.
- Columns
[]Unified
Alert Log Alert Sub Component Output Column Column configurations. See Column Config below.
Important: Custom
columnsare only valid whenaggregation_type = "NONE".- If using any aggregation (
COUNT,SUM,AVG,MIN,MAX,UNIQUE_COUNT): Must setshould_use_all_fields = trueand cannot specifycolumns. - If using
aggregation_type = "NONE": Can setshould_use_all_fields = falseand specify customcolumns.
Example with aggregation (no custom columns):
- If using any aggregation (
- Should
Use boolAll Fields - Whether to use all fields in output. Default:
false.
- columns
List<Unified
Alert Log Alert Sub Component Output Column> Column configurations. See Column Config below.
Important: Custom
columnsare only valid whenaggregation_type = "NONE".- If using any aggregation (
COUNT,SUM,AVG,MIN,MAX,UNIQUE_COUNT): Must setshould_use_all_fields = trueand cannot specifycolumns. - If using
aggregation_type = "NONE": Can setshould_use_all_fields = falseand specify customcolumns.
Example with aggregation (no custom columns):
- If using any aggregation (
- should
Use BooleanAll Fields - Whether to use all fields in output. Default:
false.
- columns
Unified
Alert Log Alert Sub Component Output Column[] Column configurations. See Column Config below.
Important: Custom
columnsare only valid whenaggregation_type = "NONE".- If using any aggregation (
COUNT,SUM,AVG,MIN,MAX,UNIQUE_COUNT): Must setshould_use_all_fields = trueand cannot specifycolumns. - If using
aggregation_type = "NONE": Can setshould_use_all_fields = falseand specify customcolumns.
Example with aggregation (no custom columns):
- If using any aggregation (
- should
Use booleanAll Fields - Whether to use all fields in output. Default:
false.
- columns
Sequence[Unified
Alert Log Alert Sub Component Output Column] Column configurations. See Column Config below.
Important: Custom
columnsare only valid whenaggregation_type = "NONE".- If using any aggregation (
COUNT,SUM,AVG,MIN,MAX,UNIQUE_COUNT): Must setshould_use_all_fields = trueand cannot specifycolumns. - If using
aggregation_type = "NONE": Can setshould_use_all_fields = falseand specify customcolumns.
Example with aggregation (no custom columns):
- If using any aggregation (
- should_
use_ boolall_ fields - Whether to use all fields in output. Default:
false.
- columns List<Property Map>
Column configurations. See Column Config below.
Important: Custom
columnsare only valid whenaggregation_type = "NONE".- If using any aggregation (
COUNT,SUM,AVG,MIN,MAX,UNIQUE_COUNT): Must setshould_use_all_fields = trueand cannot specifycolumns. - If using
aggregation_type = "NONE": Can setshould_use_all_fields = falseand specify customcolumns.
Example with aggregation (no custom columns):
- If using any aggregation (
- should
Use BooleanAll Fields - Whether to use all fields in output. Default:
false.
UnifiedAlertLogAlertSubComponentOutputColumn, UnifiedAlertLogAlertSubComponentOutputColumnArgs
- field_
name str - Field name.
- regex str
- Regular expression for field extraction.
- sort str
- Sort direction. Valid values:
ASC,DESC.
UnifiedAlertLogAlertSubComponentQueryDefinition, UnifiedAlertLogAlertSubComponentQueryDefinitionArgs
- Query string
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - Account
Ids List<double>To Query Ons - Required if
should_query_on_all_accounts = false. - Aggregation
Unified
Alert Log Alert Sub Component Query Definition Aggregation - How to aggregate matching logs. See Aggregation below.
- Filters string
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - Group
Bies List<string> - Fields to group results by.
- Should
Query boolOn All Accounts - Whether to query all accessible accounts. Default:
true.
- Query string
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - Account
Ids []float64To Query Ons - Required if
should_query_on_all_accounts = false. - Aggregation
Unified
Alert Log Alert Sub Component Query Definition Aggregation - How to aggregate matching logs. See Aggregation below.
- Filters string
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - Group
Bies []string - Fields to group results by.
- Should
Query boolOn All Accounts - Whether to query all accessible accounts. Default:
true.
- query String
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account
Ids List<Double>To Query Ons - Required if
should_query_on_all_accounts = false. - aggregation
Unified
Alert Log Alert Sub Component Query Definition Aggregation - How to aggregate matching logs. See Aggregation below.
- filters String
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group
Bies List<String> - Fields to group results by.
- should
Query BooleanOn All Accounts - Whether to query all accessible accounts. Default:
true.
- query string
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account
Ids number[]To Query Ons - Required if
should_query_on_all_accounts = false. - aggregation
Unified
Alert Log Alert Sub Component Query Definition Aggregation - How to aggregate matching logs. See Aggregation below.
- filters string
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group
Bies string[] - Fields to group results by.
- should
Query booleanOn All Accounts - Whether to query all accessible accounts. Default:
true.
- query str
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account_
ids_ Sequence[float]to_ query_ ons - Required if
should_query_on_all_accounts = false. - aggregation
Unified
Alert Log Alert Sub Component Query Definition Aggregation - How to aggregate matching logs. See Aggregation below.
- filters str
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group_
bies Sequence[str] - Fields to group results by.
- should_
query_ boolon_ all_ accounts - Whether to query all accessible accounts. Default:
true.
- query String
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account
Ids List<Number>To Query Ons - Required if
should_query_on_all_accounts = false. - aggregation Property Map
- How to aggregate matching logs. See Aggregation below.
- filters String
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group
Bies List<String> - Fields to group results by.
- should
Query BooleanOn All Accounts - Whether to query all accessible accounts. Default:
true.
UnifiedAlertLogAlertSubComponentQueryDefinitionAggregation, UnifiedAlertLogAlertSubComponentQueryDefinitionAggregationArgs
- Aggregation
Type string - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE. - Field
To stringAggregate On - Field to aggregate on.
- Value
To stringAggregate On - Value to aggregate on.
- Aggregation
Type string - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE. - Field
To stringAggregate On - Field to aggregate on.
- Value
To stringAggregate On - Value to aggregate on.
- aggregation
Type String - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE. - field
To StringAggregate On - Field to aggregate on.
- value
To StringAggregate On - Value to aggregate on.
- aggregation
Type string - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE. - field
To stringAggregate On - Field to aggregate on.
- value
To stringAggregate On - Value to aggregate on.
- aggregation_
type str - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE. - field_
to_ straggregate_ on - Field to aggregate on.
- value_
to_ straggregate_ on - Value to aggregate on.
- aggregation
Type String - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE. - field
To StringAggregate On - Field to aggregate on.
- value
To StringAggregate On - Value to aggregate on.
UnifiedAlertLogAlertSubComponentTrigger, UnifiedAlertLogAlertSubComponentTriggerArgs
- Operator string
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - Severity
Threshold List<UnifiedTiers Alert Log Alert Sub Component Trigger Severity Threshold Tier> - Severity thresholds. At least one required. See Severity Threshold Tier below.
- Operator string
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - Severity
Threshold []UnifiedTiers Alert Log Alert Sub Component Trigger Severity Threshold Tier - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator String
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity
Threshold List<UnifiedTiers Alert Log Alert Sub Component Trigger Severity Threshold Tier> - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator string
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity
Threshold UnifiedTiers Alert Log Alert Sub Component Trigger Severity Threshold Tier[] - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator str
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity_
threshold_ Sequence[Unifiedtiers Alert Log Alert Sub Component Trigger Severity Threshold Tier] - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator String
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity
Threshold List<Property Map>Tiers - Severity thresholds. At least one required. See Severity Threshold Tier below.
UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTier, UnifiedAlertLogAlertSubComponentTriggerSeverityThresholdTierArgs
- Severity string
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - Threshold double
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
Example for
LESS_THAN(detecting low values):import * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- For
- Severity string
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - Threshold float64
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
Example for
LESS_THAN(detecting low values):import * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- For
- severity String
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold Double
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
Example for
LESS_THAN(detecting low values):import * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- For
- severity string
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold number
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
Example for
LESS_THAN(detecting low values):import * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- For
- severity str
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold float
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
Example for
LESS_THAN(detecting low values):import * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- For
- severity String
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold Number
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
Example for
LESS_THAN(detecting low values):import * as pulumi from "@pulumi/pulumi";import pulumiusing System.Collections.Generic; using System.Linq; using Pulumi;return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }{}- For
UnifiedAlertMetricAlert, UnifiedAlertMetricAlertArgs
- Queries
List<Unified
Alert Metric Alert Query> - Metric queries. At least one required. See Metric Query below.
- Recipients
Unified
Alert Metric Alert Recipients - Who receives notifications. See Recipients above.
- Severity string
- Alert severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - Trigger
Unified
Alert Metric Alert Trigger - Trigger configuration. See Metric Trigger below.
- Queries
[]Unified
Alert Metric Alert Query - Metric queries. At least one required. See Metric Query below.
- Recipients
Unified
Alert Metric Alert Recipients - Who receives notifications. See Recipients above.
- Severity string
- Alert severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - Trigger
Unified
Alert Metric Alert Trigger - Trigger configuration. See Metric Trigger below.
- queries
List<Unified
Alert Metric Alert Query> - Metric queries. At least one required. See Metric Query below.
- recipients
Unified
Alert Metric Alert Recipients - Who receives notifications. See Recipients above.
- severity String
- Alert severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - trigger
Unified
Alert Metric Alert Trigger - Trigger configuration. See Metric Trigger below.
- queries
Unified
Alert Metric Alert Query[] - Metric queries. At least one required. See Metric Query below.
- recipients
Unified
Alert Metric Alert Recipients - Who receives notifications. See Recipients above.
- severity string
- Alert severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - trigger
Unified
Alert Metric Alert Trigger - Trigger configuration. See Metric Trigger below.
- queries
Sequence[Unified
Alert Metric Alert Query] - Metric queries. At least one required. See Metric Query below.
- recipients
Unified
Alert Metric Alert Recipients - Who receives notifications. See Recipients above.
- severity str
- Alert severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - trigger
Unified
Alert Metric Alert Trigger - Trigger configuration. See Metric Trigger below.
- queries List<Property Map>
- Metric queries. At least one required. See Metric Query below.
- recipients Property Map
- Who receives notifications. See Recipients above.
- severity String
- Alert severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - trigger Property Map
- Trigger configuration. See Metric Trigger below.
UnifiedAlertMetricAlertQuery, UnifiedAlertMetricAlertQueryArgs
- Query
Definition UnifiedAlert Metric Alert Query Query Definition - The query configuration. See Metric Query Definition below.
- Ref
Id string - Query identifier (e.g., "A", "B") for use in math expressions.
- Query
Definition UnifiedAlert Metric Alert Query Query Definition - The query configuration. See Metric Query Definition below.
- Ref
Id string - Query identifier (e.g., "A", "B") for use in math expressions.
- query
Definition UnifiedAlert Metric Alert Query Query Definition - The query configuration. See Metric Query Definition below.
- ref
Id String - Query identifier (e.g., "A", "B") for use in math expressions.
- query
Definition UnifiedAlert Metric Alert Query Query Definition - The query configuration. See Metric Query Definition below.
- ref
Id string - Query identifier (e.g., "A", "B") for use in math expressions.
- query_
definition UnifiedAlert Metric Alert Query Query Definition - The query configuration. See Metric Query Definition below.
- ref_
id str - Query identifier (e.g., "A", "B") for use in math expressions.
- query
Definition Property Map - The query configuration. See Metric Query Definition below.
- ref
Id String - Query identifier (e.g., "A", "B") for use in math expressions.
UnifiedAlertMetricAlertQueryQueryDefinition, UnifiedAlertMetricAlertQueryQueryDefinitionArgs
- Datasource
Uid string - UID of the Prometheus/metrics datasource in Logz.io.
- Promql
Query string - PromQL query string (e.g.,
"rate(http_requests_total[5m])").
- Datasource
Uid string - UID of the Prometheus/metrics datasource in Logz.io.
- Promql
Query string - PromQL query string (e.g.,
"rate(http_requests_total[5m])").
- datasource
Uid String - UID of the Prometheus/metrics datasource in Logz.io.
- promql
Query String - PromQL query string (e.g.,
"rate(http_requests_total[5m])").
- datasource
Uid string - UID of the Prometheus/metrics datasource in Logz.io.
- promql
Query string - PromQL query string (e.g.,
"rate(http_requests_total[5m])").
- datasource_
uid str - UID of the Prometheus/metrics datasource in Logz.io.
- promql_
query str - PromQL query string (e.g.,
"rate(http_requests_total[5m])").
- datasource
Uid String - UID of the Prometheus/metrics datasource in Logz.io.
- promql
Query String - PromQL query string (e.g.,
"rate(http_requests_total[5m])").
UnifiedAlertMetricAlertRecipients, UnifiedAlertMetricAlertRecipientsArgs
- Emails List<string>
- Email addresses for notifications.
- Notification
Endpoint List<double>Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- Emails []string
- Email addresses for notifications.
- Notification
Endpoint []float64Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails List<String>
- Email addresses for notifications.
- notification
Endpoint List<Double>Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails string[]
- Email addresses for notifications.
- notification
Endpoint number[]Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails Sequence[str]
- Email addresses for notifications.
- notification_
endpoint_ Sequence[float]ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
- emails List<String>
- Email addresses for notifications.
- notification
Endpoint List<Number>Ids IDs of configured notification endpoints.
Note: At least one of
emailsornotification_endpoint_idsshould be provided.
UnifiedAlertMetricAlertTrigger, UnifiedAlertMetricAlertTriggerArgs
- Search
Timeframe doubleMinutes - Evaluation time window in minutes.
- Trigger
Type string - Trigger type. Valid values:
THRESHOLD,MATH. - Math
Expression string - Required when
trigger_type = "MATH". Expression using query ref_ids (e.g.,"$A / $B * 100"). - Max
Threshold double - Maximum threshold value (required for
WITHIN_RANGEandOUTSIDE_RANGE). - Metric
Operator string - Required for threshold triggers. Valid values:
ABOVE,BELOW,WITHIN_RANGE,OUTSIDE_RANGE. - Min
Threshold double - Minimum threshold value.
- Search
Timeframe float64Minutes - Evaluation time window in minutes.
- Trigger
Type string - Trigger type. Valid values:
THRESHOLD,MATH. - Math
Expression string - Required when
trigger_type = "MATH". Expression using query ref_ids (e.g.,"$A / $B * 100"). - Max
Threshold float64 - Maximum threshold value (required for
WITHIN_RANGEandOUTSIDE_RANGE). - Metric
Operator string - Required for threshold triggers. Valid values:
ABOVE,BELOW,WITHIN_RANGE,OUTSIDE_RANGE. - Min
Threshold float64 - Minimum threshold value.
- search
Timeframe DoubleMinutes - Evaluation time window in minutes.
- trigger
Type String - Trigger type. Valid values:
THRESHOLD,MATH. - math
Expression String - Required when
trigger_type = "MATH". Expression using query ref_ids (e.g.,"$A / $B * 100"). - max
Threshold Double - Maximum threshold value (required for
WITHIN_RANGEandOUTSIDE_RANGE). - metric
Operator String - Required for threshold triggers. Valid values:
ABOVE,BELOW,WITHIN_RANGE,OUTSIDE_RANGE. - min
Threshold Double - Minimum threshold value.
- search
Timeframe numberMinutes - Evaluation time window in minutes.
- trigger
Type string - Trigger type. Valid values:
THRESHOLD,MATH. - math
Expression string - Required when
trigger_type = "MATH". Expression using query ref_ids (e.g.,"$A / $B * 100"). - max
Threshold number - Maximum threshold value (required for
WITHIN_RANGEandOUTSIDE_RANGE). - metric
Operator string - Required for threshold triggers. Valid values:
ABOVE,BELOW,WITHIN_RANGE,OUTSIDE_RANGE. - min
Threshold number - Minimum threshold value.
- search_
timeframe_ floatminutes - Evaluation time window in minutes.
- trigger_
type str - Trigger type. Valid values:
THRESHOLD,MATH. - math_
expression str - Required when
trigger_type = "MATH". Expression using query ref_ids (e.g.,"$A / $B * 100"). - max_
threshold float - Maximum threshold value (required for
WITHIN_RANGEandOUTSIDE_RANGE). - metric_
operator str - Required for threshold triggers. Valid values:
ABOVE,BELOW,WITHIN_RANGE,OUTSIDE_RANGE. - min_
threshold float - Minimum threshold value.
- search
Timeframe NumberMinutes - Evaluation time window in minutes.
- trigger
Type String - Trigger type. Valid values:
THRESHOLD,MATH. - math
Expression String - Required when
trigger_type = "MATH". Expression using query ref_ids (e.g.,"$A / $B * 100"). - max
Threshold Number - Maximum threshold value (required for
WITHIN_RANGEandOUTSIDE_RANGE). - metric
Operator String - Required for threshold triggers. Valid values:
ABOVE,BELOW,WITHIN_RANGE,OUTSIDE_RANGE. - min
Threshold Number - Minimum threshold value.
Import
Unified alerts can be imported using the alert type and ID, separated by a colon:
bash
$ pulumi import logzio:index/unifiedAlert:UnifiedAlert my_log_alert LOG_ALERT:alert-id-here
$ pulumi import logzio:index/unifiedAlert:UnifiedAlert my_metric_alert METRIC_ALERT:alert-id-here
Africa/Abidjan,
Africa/Accra,
Africa/Addis_Ababa,
Africa/Algiers,
Africa/Asmara,
Africa/Asmera,
Africa/Bamako,
Africa/Bangui,
Africa/Banjul,
Africa/Bissau,
Africa/Blantyre,
Africa/Brazzaville,
Africa/Bujumbura,
Africa/Cairo,
Africa/Casablanca,
Africa/Ceuta,
Africa/Conakry,
Africa/Dakar,
Africa/Dar_es_Salaam,
Africa/Djibouti,
Africa/Douala,
Africa/El_Aaiun,
Africa/Freetown,
Africa/Gaborone,
Africa/Harare,
Africa/Johannesburg,
Africa/Juba,
Africa/Kampala,
Africa/Khartoum,
Africa/Kigali,
Africa/Kinshasa,
Africa/Lagos,
Africa/Libreville,
Africa/Lome,
Africa/Luanda,
Africa/Lubumbashi,
Africa/Lusaka,
Africa/Malabo,
Africa/Maputo,
Africa/Maseru,
Africa/Mbabane,
Africa/Mogadishu,
Africa/Monrovia,
Africa/Nairobi,
Africa/Ndjamena,
Africa/Niamey,
Africa/Nouakchott,
Africa/Ouagadougou,
Africa/Porto-Novo,
Africa/Sao_Tome,
Africa/Timbuktu,
Africa/Tripoli,
Africa/Tunis,
Africa/Windhoek,
America/Adak,
America/Anchorage,
America/Anguilla,
America/Antigua,
America/Araguaina,
America/Argentina/Buenos_Aires,
America/Argentina/Catamarca,
America/Argentina/ComodRivadavia,
America/Argentina/Cordoba,
America/Argentina/Jujuy,
America/Argentina/La_Rioja,
America/Argentina/Mendoza,
America/Argentina/Rio_Gallegos,
America/Argentina/Salta,
America/Argentina/San_Juan,
America/Argentina/San_Luis,
America/Argentina/Tucuman,
America/Argentina/Ushuaia,
America/Aruba,
America/Asuncion,
America/Atikokan,
America/Atka,
America/Bahia,
America/Bahia_Banderas,
America/Barbados,
America/Belem,
America/Belize,
America/Blanc-Sablon,
America/Boa_Vista,
America/Bogota,
America/Boise,
America/Buenos_Aires,
America/Cambridge_Bay,
America/Campo_Grande,
America/Cancun,
America/Caracas,
America/Catamarca,
America/Cayenne,
America/Cayman,
America/Chicago,
America/Chihuahua,
America/Coral_Harbour,
America/Cordoba,
America/Costa_Rica,
America/Creston,
America/Cuiaba,
America/Curacao,
America/Danmarkshavn,
America/Dawson,
America/Dawson_Creek,
America/Denver,
America/Detroit,
America/Dominica,
America/Edmonton,
America/Eirunepe,
America/El_Salvador,
America/Ensenada,
America/Fort_Nelson,
America/Fort_Wayne,
America/Fortaleza,
America/Glace_Bay,
America/Godthab,
America/Goose_Bay,
America/Grand_Turk,
America/Grenada,
America/Guadeloupe,
America/Guatemala,
America/Guayaquil,
America/Guyana,
America/Halifax,
America/Havana,
America/Hermosillo,
America/Indiana/Indianapolis,
America/Indiana/Knox,
America/Indiana/Marengo,
America/Indiana/Petersburg,
America/Indiana/Tell_City,
America/Indiana/Vevay,
America/Indiana/Vincennes,
America/Indiana/Winamac,
America/Indianapolis,
America/Inuvik,
America/Iqaluit,
America/Jamaica,
America/Jujuy,
America/Juneau,
America/Kentucky/Louisville,
America/Kentucky/Monticello,
America/Knox_IN,
America/Kralendijk,
America/La_Paz,
America/Lima,
America/Los_Angeles,
America/Louisville,
America/Lower_Princes,
America/Maceio,
America/Managua,
America/Manaus,
America/Marigot,
America/Martinique,
America/Matamoros,
America/Mazatlan,
America/Mendoza,
America/Menominee,
America/Merida,
America/Metlakatla,
America/Mexico_City,
America/Miquelon,
America/Moncton,
America/Monterrey,
America/Montevideo,
America/Montreal,
America/Montserrat,
America/Nassau,
America/New_York,
America/Nipigon,
America/Nome,
America/Noronha,
America/North_Dakota/Beulah,
America/North_Dakota/Center,
America/North_Dakota/New_Salem,
America/Nuuk,
America/Ojinaga,
America/Panama,
America/Pangnirtung,
America/Paramaribo,
America/Phoenix,
America/Port-au-Prince,
America/Port_of_Spain,
America/Porto_Acre,
America/Porto_Velho,
America/Puerto_Rico,
America/Punta_Arenas,
America/Rainy_River,
America/Rankin_Inlet,
America/Recife,
America/Regina,
America/Resolute,
America/Rio_Branco,
America/Rosario,
America/Santa_Isabel,
America/Santarem,
America/Santiago,
America/Santo_Domingo,
America/Sao_Paulo,
America/Scoresbysund,
America/Shiprock,
America/Sitka,
America/St_Barthelemy,
America/St_Johns,
America/St_Kitts,
America/St_Lucia,
America/St_Thomas,
America/St_Vincent,
America/Swift_Current,
America/Tegucigalpa,
America/Thule,
America/Thunder_Bay,
America/Tijuana,
America/Toronto,
America/Tortola,
America/Vancouver,
America/Virgin,
America/Whitehorse,
America/Winnipeg,
America/Yakutat,
America/Yellowknife,
Antarctica/Casey,
Antarctica/Davis,
Antarctica/DumontDUrville,
Antarctica/Macquarie,
Antarctica/Mawson,
Antarctica/McMurdo,
Antarctica/Palmer,
Antarctica/Rothera,
Antarctica/South_Pole,
Antarctica/Syowa,
Antarctica/Troll,
Antarctica/Vostok,
Arctic/Longyearbyen,
Asia/Aden,
Asia/Almaty,
Asia/Amman,
Asia/Anadyr,
Asia/Aqtau,
Asia/Aqtobe,
Asia/Ashgabat,
Asia/Ashkhabad,
Asia/Atyrau,
Asia/Baghdad,
Asia/Bahrain,
Asia/Baku,
Asia/Bangkok,
Asia/Barnaul,
Asia/Beirut,
Asia/Bishkek,
Asia/Brunei,
Asia/Calcutta,
Asia/Chita,
Asia/Choibalsan,
Asia/Chongqing,
Asia/Chungking,
Asia/Colombo,
Asia/Dacca,
Asia/Damascus,
Asia/Dhaka,
Asia/Dili,
Asia/Dubai,
Asia/Dushanbe,
Asia/Famagusta,
Asia/Gaza,
Asia/Harbin,
Asia/Hebron,
Asia/Ho_Chi_Minh,
Asia/Hong_Kong,
Asia/Hovd,
Asia/Irkutsk,
Asia/Istanbul,
Asia/Jakarta,
Asia/Jayapura,
Asia/Jerusalem,
Asia/Kabul,
Asia/Kamchatka,
Asia/Karachi,
Asia/Kashgar,
Asia/Kathmandu,
Asia/Katmandu,
Asia/Khandyga,
Asia/Kolkata,
Asia/Krasnoyarsk,
Asia/Kuala_Lumpur,
Asia/Kuching,
Asia/Kuwait,
Asia/Macao,
Asia/Macau,
Asia/Magadan,
Asia/Makassar,
Asia/Manila,
Asia/Muscat,
Asia/Nicosia,
Asia/Novokuznetsk,
Asia/Novosibirsk,
Asia/Omsk,
Asia/Oral,
Asia/Phnom_Penh,
Asia/Pontianak,
Asia/Pyongyang,
Asia/Qatar,
Asia/Qostanay,
Asia/Qyzylorda,
Asia/Rangoon,
Asia/Riyadh,
Asia/Saigon,
Asia/Sakhalin,
Asia/Samarkand,
Asia/Seoul,
Asia/Shanghai,
Asia/Singapore,
Asia/Srednekolymsk,
Asia/Taipei,
Asia/Tashkent,
Asia/Tbilisi,
Asia/Tehran,
Asia/Tel_Aviv,
Asia/Thimbu,
Asia/Thimphu,
Asia/Tokyo,
Asia/Tomsk,
Asia/Ujung_Pandang,
Asia/Ulaanbaatar,
Asia/Ulan_Bator,
Asia/Urumqi,
Asia/Ust-Nera,
Asia/Vientiane,
Asia/Vladivostok,
Asia/Yakutsk,
Asia/Yangon,
Asia/Yekaterinburg,
Asia/Yerevan,
Atlantic/Azores,
Atlantic/Bermuda,
Atlantic/Canary,
Atlantic/Cape_Verde,
Atlantic/Faeroe,
Atlantic/Faroe,
Atlantic/Jan_Mayen,
Atlantic/Madeira,
Atlantic/Reykjavik,
Atlantic/South_Georgia,
Atlantic/St_Helena,
Atlantic/Stanley,
Australia/ACT,
Australia/Adelaide,
Australia/Brisbane,
Australia/Broken_Hill,
Australia/Canberra,
Australia/Currie,
Australia/Darwin,
Australia/Eucla,
Australia/Hobart,
Australia/LHI,
Australia/Lindeman,
Australia/Lord_Howe,
Australia/Melbourne,
Australia/NSW,
Australia/North,
Australia/Perth,
Australia/Queensland,
Australia/South,
Australia/Sydney,
Australia/Tasmania,
Australia/Victoria,
Australia/West,
Australia/Yancowinna,
Brazil/Acre,
Brazil/DeNoronha,
Brazil/East,
Brazil/West,
CET,
CST6CDT,
Canada/Atlantic,
Canada/Central,
Canada/Eastern,
Canada/Mountain,
Canada/Newfoundland,
Canada/Pacific,
Canada/Saskatchewan,
Canada/Yukon,
Chile/Continental,
Chile/EasterIsland,
Cuba,
EET,
EST5EDT,
Egypt,
Eire,
Etc/GMT,
Etc/GMT+0,
Etc/GMT+1,
Etc/GMT+10,
Etc/GMT+11,
Etc/GMT+12,
Etc/GMT+2,
Etc/GMT+3,
Etc/GMT+4,
Etc/GMT+5,
Etc/GMT+6,
Etc/GMT+7,
Etc/GMT+8,
Etc/GMT+9,
Etc/GMT-0,
Etc/GMT-1,
Etc/GMT-10,
Etc/GMT-11,
Etc/GMT-12,
Etc/GMT-13,
Etc/GMT-14,
Etc/GMT-2,
Etc/GMT-3,
Etc/GMT-4,
Etc/GMT-5,
Etc/GMT-6,
Etc/GMT-7,
Etc/GMT-8,
Etc/GMT-9,
Etc/GMT0,
Etc/Greenwich,
Etc/UCT,
Etc/UTC,
Etc/Universal,
Etc/Zulu,
Europe/Amsterdam,
Europe/Andorra,
Europe/Astrakhan,
Europe/Athens,
Europe/Belfast,
Europe/Belgrade,
Europe/Berlin,
Europe/Bratislava,
Europe/Brussels,
Europe/Bucharest,
Europe/Budapest,
Europe/Busingen,
Europe/Chisinau,
Europe/Copenhagen,
Europe/Dublin,
Europe/Gibraltar,
Europe/Guernsey,
Europe/Helsinki,
Europe/Isle_of_Man,
Europe/Istanbul,
Europe/Jersey,
Europe/Kaliningrad,
Europe/Kiev,
Europe/Kirov,
Europe/Lisbon,
Europe/Ljubljana,
Europe/London,
Europe/Luxembourg,
Europe/Madrid,
Europe/Malta,
Europe/Mariehamn,
Europe/Minsk,
Europe/Monaco,
Europe/Moscow,
Europe/Nicosia,
Europe/Oslo,
Europe/Paris,
Europe/Podgorica,
Europe/Prague,
Europe/Riga,
Europe/Rome,
Europe/Samara,
Europe/San_Marino,
Europe/Sarajevo,
Europe/Saratov,
Europe/Simferopol,
Europe/Skopje,
Europe/Sofia,
Europe/Stockholm,
Europe/Tallinn,
Europe/Tirane,
Europe/Tiraspol,
Europe/Ulyanovsk,
Europe/Uzhgorod,
Europe/Vaduz,
Europe/Vatican,
Europe/Vienna,
Europe/Vilnius,
Europe/Volgograd,
Europe/Warsaw,
Europe/Zagreb,
Europe/Zaporozhye,
Europe/Zurich,
GB,
GB-Eire,
GMT,
GMT0,
Greenwich,
Hongkong,
Iceland,
Indian/Antananarivo,
Indian/Chagos,
Indian/Christmas,
Indian/Cocos,
Indian/Comoro,
Indian/Kerguelen,
Indian/Mahe,
Indian/Maldives,
Indian/Mauritius,
Indian/Mayotte,
Indian/Reunion,
Iran,
Israel,
Jamaica,
Japan,
Kwajalein,
Libya,
MET,
MST7MDT,
Mexico/BajaNorte,
Mexico/BajaSur,
Mexico/General,
NZ,
NZ-CHAT,
Navajo,
PRC,
PST8PDT,
Pacific/Apia,
Pacific/Auckland,
Pacific/Bougainville,
Pacific/Chatham,
Pacific/Chuuk,
Pacific/Easter,
Pacific/Efate,
Pacific/Enderbury,
Pacific/Fakaofo,
Pacific/Fiji,
Pacific/Funafuti,
Pacific/Galapagos,
Pacific/Gambier,
Pacific/Guadalcanal,
Pacific/Guam,
Pacific/Honolulu,
Pacific/Johnston,
Pacific/Kanton,
Pacific/Kiritimati,
Pacific/Kosrae,
Pacific/Kwajalein,
Pacific/Majuro,
Pacific/Marquesas,
Pacific/Midway,
Pacific/Nauru,
Pacific/Niue,
Pacific/Norfolk,
Pacific/Noumea,
Pacific/Pago_Pago,
Pacific/Palau,
Pacific/Pitcairn,
Pacific/Pohnpei,
Pacific/Ponape,
Pacific/Port_Moresby,
Pacific/Rarotonga,
Pacific/Saipan,
Pacific/Samoa,
Pacific/Tahiti,
Pacific/Tarawa,
Pacific/Tongatapu,
Pacific/Truk,
Pacific/Wake,
Pacific/Wallis,
Pacific/Yap,
Poland,
Portugal,
ROK,
Singapore,
SystemV/AST4,
SystemV/AST4ADT,
SystemV/CST6,
SystemV/CST6CDT,
SystemV/EST5,
SystemV/EST5EDT,
SystemV/HST10,
SystemV/MST7,
SystemV/MST7MDT,
SystemV/PST8,
SystemV/PST8PDT,
SystemV/YST9,
SystemV/YST9YDT,
Turkey,
UCT,
US/Alaska,
US/Aleutian,
US/Arizona,
US/Central,
US/East-Indiana,
US/Eastern,
US/Hawaii,
US/Indiana-Starke,
US/Michigan,
US/Mountain,
US/Pacific,
US/Samoa,
UTC,
Universal,
W-SU,
WET,
Zulu,
EST,
HST,
MST,
ACT,
AET,
AGT,
ART,
AST,
BET,
BST,
CAT,
CNT,
CST,
CTT,
EAT,
ECT,
IET,
IST,
JST,
MIT,
NET,
NST,
PLT,
PNT,
PRT,
PST,
SST,
VST
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- logzio logzio/terraform-provider-logzio
- License
- Notes
- This Pulumi package is based on the
logzioTerraform Provider.
logzio 1.26.0 published on Tuesday, Nov 4, 2025 by logzio
