Viewing docs for logzio 1.27.0
published on Thursday, Feb 19, 2026 by logzio
published on Thursday, Feb 19, 2026 by logzio
Viewing docs for logzio 1.27.0
published on Thursday, Feb 19, 2026 by logzio
published on Thursday, Feb 19, 2026 by logzio
# Unified Alert Resource
Provides a Logz.io unified alert resource. This resource allows you to create and manage both log-based and metric-based alerts through a single unified API.
The alert type is determined by the type field inside alert_configuration:
- When
type = "LOG_ALERT", configure log-alert fields (sub_components,correlations,schedule). - When
type = "METRIC_ALERT", configure metric-alert fields (trigger,queries,severity).
Example Usage
Log Alert (JSON Output)
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const logAlertExample = new logzio.UnifiedAlert("log_alert_example", {
title: "High error rate in checkout service",
description: "Triggers when the error rate of the checkout service exceeds the defined threshold.",
tags: [
"environment:production",
"service:checkout",
],
enabled: true,
linkedPanel: {
folderId: "unified-folder-uid",
dashboardId: "unified-dashboard-uid",
panelId: "A",
},
runbook: "If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.",
rca: true,
rcaNotificationEndpointIds: [
101,
102,
],
useAlertNotificationEndpointsForRca: true,
recipients: {
emails: [
"devops@company.com",
"oncall@company.com",
],
notificationEndpointIds: [
11,
12,
],
},
alertConfiguration: {
type: "LOG_ALERT",
searchTimeframeMinutes: 15,
suppressNotificationsMinutes: 30,
alertOutputTemplateType: "JSON",
subComponents: [{
queryDefinition: {
query: "kubernetes.container_name:checkout AND level:error",
groupBies: ["kubernetes.pod_name"],
aggregation: {
aggregationType: "SUM",
fieldToAggregateOn: "error_count",
},
shouldQueryOnAllAccounts: false,
accountIdsToQueryOns: [12345],
},
trigger: {
operator: "GREATER_THAN",
severityThresholdTiers: [
{
severity: "HIGH",
threshold: 100,
},
{
severity: "MEDIUM",
threshold: 50,
},
],
},
output: {
shouldUseAllFields: true,
},
}],
correlations: {
correlationOperators: ["AND"],
},
schedule: {
cronExpression: "0 0/1 * * * ?",
timezone: "UTC",
},
},
});
import pulumi
import pulumi_logzio as logzio
log_alert_example = logzio.UnifiedAlert("log_alert_example",
title="High error rate in checkout service",
description="Triggers when the error rate of the checkout service exceeds the defined threshold.",
tags=[
"environment:production",
"service:checkout",
],
enabled=True,
linked_panel={
"folder_id": "unified-folder-uid",
"dashboard_id": "unified-dashboard-uid",
"panel_id": "A",
},
runbook="If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.",
rca=True,
rca_notification_endpoint_ids=[
101,
102,
],
use_alert_notification_endpoints_for_rca=True,
recipients={
"emails": [
"devops@company.com",
"oncall@company.com",
],
"notification_endpoint_ids": [
11,
12,
],
},
alert_configuration={
"type": "LOG_ALERT",
"search_timeframe_minutes": 15,
"suppress_notifications_minutes": 30,
"alert_output_template_type": "JSON",
"sub_components": [{
"query_definition": {
"query": "kubernetes.container_name:checkout AND level:error",
"group_bies": ["kubernetes.pod_name"],
"aggregation": {
"aggregation_type": "SUM",
"field_to_aggregate_on": "error_count",
},
"should_query_on_all_accounts": False,
"account_ids_to_query_ons": [12345],
},
"trigger": {
"operator": "GREATER_THAN",
"severity_threshold_tiers": [
{
"severity": "HIGH",
"threshold": 100,
},
{
"severity": "MEDIUM",
"threshold": 50,
},
],
},
"output": {
"should_use_all_fields": True,
},
}],
"correlations": {
"correlation_operators": ["AND"],
},
"schedule": {
"cron_expression": "0 0/1 * * * ?",
"timezone": "UTC",
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logzio.NewUnifiedAlert(ctx, "log_alert_example", &logzio.UnifiedAlertArgs{
Title: pulumi.String("High error rate in checkout service"),
Description: pulumi.String("Triggers when the error rate of the checkout service exceeds the defined threshold."),
Tags: pulumi.StringArray{
pulumi.String("environment:production"),
pulumi.String("service:checkout"),
},
Enabled: pulumi.Bool(true),
LinkedPanel: &logzio.UnifiedAlertLinkedPanelArgs{
FolderId: pulumi.String("unified-folder-uid"),
DashboardId: pulumi.String("unified-dashboard-uid"),
PanelId: pulumi.String("A"),
},
Runbook: pulumi.String("If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary."),
Rca: pulumi.Bool(true),
RcaNotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(101),
pulumi.Float64(102),
},
UseAlertNotificationEndpointsForRca: pulumi.Bool(true),
Recipients: &logzio.UnifiedAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
pulumi.String("oncall@company.com"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(11),
pulumi.Float64(12),
},
},
AlertConfiguration: &logzio.UnifiedAlertAlertConfigurationArgs{
Type: pulumi.String("LOG_ALERT"),
SearchTimeframeMinutes: pulumi.Float64(15),
SuppressNotificationsMinutes: pulumi.Float64(30),
AlertOutputTemplateType: pulumi.String("JSON"),
SubComponents: logzio.UnifiedAlertAlertConfigurationSubComponentArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentArgs{
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs{
Query: pulumi.String("kubernetes.container_name:checkout AND level:error"),
GroupBies: pulumi.StringArray{
pulumi.String("kubernetes.pod_name"),
},
Aggregation: &logzio.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs{
AggregationType: pulumi.String("SUM"),
FieldToAggregateOn: pulumi.String("error_count"),
},
ShouldQueryOnAllAccounts: pulumi.Bool(false),
AccountIdsToQueryOns: pulumi.Float64Array{
pulumi.Float64(12345),
},
},
Trigger: &logzio.UnifiedAlertAlertConfigurationSubComponentTriggerArgs{
Operator: pulumi.String("GREATER_THAN"),
SeverityThresholdTiers: logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("HIGH"),
Threshold: pulumi.Float64(100),
},
&logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("MEDIUM"),
Threshold: pulumi.Float64(50),
},
},
},
Output: &logzio.UnifiedAlertAlertConfigurationSubComponentOutputTypeArgs{
ShouldUseAllFields: pulumi.Bool(true),
},
},
},
Correlations: &logzio.UnifiedAlertAlertConfigurationCorrelationsArgs{
CorrelationOperators: pulumi.StringArray{
pulumi.String("AND"),
},
},
Schedule: &logzio.UnifiedAlertAlertConfigurationScheduleArgs{
CronExpression: pulumi.String("0 0/1 * * * ?"),
Timezone: pulumi.String("UTC"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var logAlertExample = new Logzio.UnifiedAlert("log_alert_example", new()
{
Title = "High error rate in checkout service",
Description = "Triggers when the error rate of the checkout service exceeds the defined threshold.",
Tags = new[]
{
"environment:production",
"service:checkout",
},
Enabled = true,
LinkedPanel = new Logzio.Inputs.UnifiedAlertLinkedPanelArgs
{
FolderId = "unified-folder-uid",
DashboardId = "unified-dashboard-uid",
PanelId = "A",
},
Runbook = "If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.",
Rca = true,
RcaNotificationEndpointIds = new[]
{
101,
102,
},
UseAlertNotificationEndpointsForRca = true,
Recipients = new Logzio.Inputs.UnifiedAlertRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
"oncall@company.com",
},
NotificationEndpointIds = new[]
{
11,
12,
},
},
AlertConfiguration = new Logzio.Inputs.UnifiedAlertAlertConfigurationArgs
{
Type = "LOG_ALERT",
SearchTimeframeMinutes = 15,
SuppressNotificationsMinutes = 30,
AlertOutputTemplateType = "JSON",
SubComponents = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs
{
Query = "kubernetes.container_name:checkout AND level:error",
GroupBies = new[]
{
"kubernetes.pod_name",
},
Aggregation = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs
{
AggregationType = "SUM",
FieldToAggregateOn = "error_count",
},
ShouldQueryOnAllAccounts = false,
AccountIdsToQueryOns = new[]
{
12345,
},
},
Trigger = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerArgs
{
Operator = "GREATER_THAN",
SeverityThresholdTiers = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "HIGH",
Threshold = 100,
},
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "MEDIUM",
Threshold = 50,
},
},
},
Output = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputArgs
{
ShouldUseAllFields = true,
},
},
},
Correlations = new Logzio.Inputs.UnifiedAlertAlertConfigurationCorrelationsArgs
{
CorrelationOperators = new[]
{
"AND",
},
},
Schedule = new Logzio.Inputs.UnifiedAlertAlertConfigurationScheduleArgs
{
CronExpression = "0 0/1 * * * ?",
Timezone = "UTC",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertLinkedPanelArgs;
import com.pulumi.logzio.inputs.UnifiedAlertRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationCorrelationsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationScheduleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var logAlertExample = new UnifiedAlert("logAlertExample", UnifiedAlertArgs.builder()
.title("High error rate in checkout service")
.description("Triggers when the error rate of the checkout service exceeds the defined threshold.")
.tags(
"environment:production",
"service:checkout")
.enabled(true)
.linkedPanel(UnifiedAlertLinkedPanelArgs.builder()
.folderId("unified-folder-uid")
.dashboardId("unified-dashboard-uid")
.panelId("A")
.build())
.runbook("If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.")
.rca(true)
.rcaNotificationEndpointIds(
101.0,
102.0)
.useAlertNotificationEndpointsForRca(true)
.recipients(UnifiedAlertRecipientsArgs.builder()
.emails(
"devops@company.com",
"oncall@company.com")
.notificationEndpointIds(
11.0,
12.0)
.build())
.alertConfiguration(UnifiedAlertAlertConfigurationArgs.builder()
.type("LOG_ALERT")
.searchTimeframeMinutes(15.0)
.suppressNotificationsMinutes(30.0)
.alertOutputTemplateType("JSON")
.subComponents(UnifiedAlertAlertConfigurationSubComponentArgs.builder()
.queryDefinition(UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs.builder()
.query("kubernetes.container_name:checkout AND level:error")
.groupBies("kubernetes.pod_name")
.aggregation(UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs.builder()
.aggregationType("SUM")
.fieldToAggregateOn("error_count")
.build())
.shouldQueryOnAllAccounts(false)
.accountIdsToQueryOns(12345.0)
.build())
.trigger(UnifiedAlertAlertConfigurationSubComponentTriggerArgs.builder()
.operator("GREATER_THAN")
.severityThresholdTiers(
UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("HIGH")
.threshold(100.0)
.build(),
UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("MEDIUM")
.threshold(50.0)
.build())
.build())
.output(UnifiedAlertAlertConfigurationSubComponentOutputArgs.builder()
.shouldUseAllFields(true)
.build())
.build())
.correlations(UnifiedAlertAlertConfigurationCorrelationsArgs.builder()
.correlationOperators("AND")
.build())
.schedule(UnifiedAlertAlertConfigurationScheduleArgs.builder()
.cronExpression("0 0/1 * * * ?")
.timezone("UTC")
.build())
.build())
.build());
}
}
resources:
logAlertExample:
type: logzio:UnifiedAlert
name: log_alert_example
properties:
title: High error rate in checkout service
description: Triggers when the error rate of the checkout service exceeds the defined threshold.
tags:
- environment:production
- service:checkout
enabled: true
linkedPanel:
folderId: unified-folder-uid
dashboardId: unified-dashboard-uid
panelId: A
runbook: If this alert fires, check checkout pods and logs, verify recent deployments, and roll back if necessary.
rca: true
rcaNotificationEndpointIds:
- 101
- 102
useAlertNotificationEndpointsForRca: true
recipients:
emails:
- devops@company.com
- oncall@company.com
notificationEndpointIds:
- 11
- 12
alertConfiguration:
type: LOG_ALERT
searchTimeframeMinutes: 15
suppressNotificationsMinutes: 30
alertOutputTemplateType: JSON
subComponents:
- queryDefinition:
query: kubernetes.container_name:checkout AND level:error
groupBies:
- kubernetes.pod_name
aggregation:
aggregationType: SUM
fieldToAggregateOn: error_count
shouldQueryOnAllAccounts: false
accountIdsToQueryOns:
- 12345
trigger:
operator: GREATER_THAN
severityThresholdTiers:
- severity: HIGH
threshold: 100
- severity: MEDIUM
threshold: 50
output:
shouldUseAllFields: true
correlations:
correlationOperators:
- AND
schedule:
cronExpression: 0 0/1 * * * ?
timezone: UTC
Log Alert With TABLE Output
When using alert_output_template_type = "TABLE", you must define output.columns in every sub_components block and set should_use_all_fields = false. TABLE output requires aggregation_type = "NONE" (or no aggregation block).
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const logAlertTableExample = new logzio.UnifiedAlert("log_alert_table_example", {
title: "Error log table alert",
description: "Fires when errors exceed threshold, notification includes a table of matching log fields.",
tags: ["production"],
enabled: true,
recipients: {
emails: ["devops@company.com"],
},
alertConfiguration: {
type: "LOG_ALERT",
searchTimeframeMinutes: 10,
alertOutputTemplateType: "TABLE",
subComponents: [{
queryDefinition: {
query: "level:ERROR",
aggregation: {
aggregationType: "NONE",
},
shouldQueryOnAllAccounts: true,
},
trigger: {
operator: "GREATER_THAN",
severityThresholdTiers: [{
severity: "HIGH",
threshold: 5,
}],
},
output: {
shouldUseAllFields: false,
columns: [
{
fieldName: "@timestamp",
sort: "DESC",
},
{
fieldName: "message",
},
{
fieldName: "service",
sort: "ASC",
},
],
},
}],
},
});
import pulumi
import pulumi_logzio as logzio
log_alert_table_example = logzio.UnifiedAlert("log_alert_table_example",
title="Error log table alert",
description="Fires when errors exceed threshold, notification includes a table of matching log fields.",
tags=["production"],
enabled=True,
recipients={
"emails": ["devops@company.com"],
},
alert_configuration={
"type": "LOG_ALERT",
"search_timeframe_minutes": 10,
"alert_output_template_type": "TABLE",
"sub_components": [{
"query_definition": {
"query": "level:ERROR",
"aggregation": {
"aggregation_type": "NONE",
},
"should_query_on_all_accounts": True,
},
"trigger": {
"operator": "GREATER_THAN",
"severity_threshold_tiers": [{
"severity": "HIGH",
"threshold": 5,
}],
},
"output": {
"should_use_all_fields": False,
"columns": [
{
"field_name": "@timestamp",
"sort": "DESC",
},
{
"field_name": "message",
},
{
"field_name": "service",
"sort": "ASC",
},
],
},
}],
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logzio.NewUnifiedAlert(ctx, "log_alert_table_example", &logzio.UnifiedAlertArgs{
Title: pulumi.String("Error log table alert"),
Description: pulumi.String("Fires when errors exceed threshold, notification includes a table of matching log fields."),
Tags: pulumi.StringArray{
pulumi.String("production"),
},
Enabled: pulumi.Bool(true),
Recipients: &logzio.UnifiedAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
},
},
AlertConfiguration: &logzio.UnifiedAlertAlertConfigurationArgs{
Type: pulumi.String("LOG_ALERT"),
SearchTimeframeMinutes: pulumi.Float64(10),
AlertOutputTemplateType: pulumi.String("TABLE"),
SubComponents: logzio.UnifiedAlertAlertConfigurationSubComponentArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentArgs{
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs{
Query: pulumi.String("level:ERROR"),
Aggregation: &logzio.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs{
AggregationType: pulumi.String("NONE"),
},
ShouldQueryOnAllAccounts: pulumi.Bool(true),
},
Trigger: &logzio.UnifiedAlertAlertConfigurationSubComponentTriggerArgs{
Operator: pulumi.String("GREATER_THAN"),
SeverityThresholdTiers: logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("HIGH"),
Threshold: pulumi.Float64(5),
},
},
},
Output: &logzio.UnifiedAlertAlertConfigurationSubComponentOutputTypeArgs{
ShouldUseAllFields: pulumi.Bool(false),
Columns: logzio.UnifiedAlertAlertConfigurationSubComponentOutputColumnArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs{
FieldName: pulumi.String("@timestamp"),
Sort: pulumi.String("DESC"),
},
&logzio.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs{
FieldName: pulumi.String("message"),
},
&logzio.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs{
FieldName: pulumi.String("service"),
Sort: pulumi.String("ASC"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var logAlertTableExample = new Logzio.UnifiedAlert("log_alert_table_example", new()
{
Title = "Error log table alert",
Description = "Fires when errors exceed threshold, notification includes a table of matching log fields.",
Tags = new[]
{
"production",
},
Enabled = true,
Recipients = new Logzio.Inputs.UnifiedAlertRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
},
},
AlertConfiguration = new Logzio.Inputs.UnifiedAlertAlertConfigurationArgs
{
Type = "LOG_ALERT",
SearchTimeframeMinutes = 10,
AlertOutputTemplateType = "TABLE",
SubComponents = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs
{
Query = "level:ERROR",
Aggregation = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs
{
AggregationType = "NONE",
},
ShouldQueryOnAllAccounts = true,
},
Trigger = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerArgs
{
Operator = "GREATER_THAN",
SeverityThresholdTiers = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "HIGH",
Threshold = 5,
},
},
},
Output = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputArgs
{
ShouldUseAllFields = false,
Columns = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs
{
FieldName = "@timestamp",
Sort = "DESC",
},
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs
{
FieldName = "message",
},
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs
{
FieldName = "service",
Sort = "ASC",
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var logAlertTableExample = new UnifiedAlert("logAlertTableExample", UnifiedAlertArgs.builder()
.title("Error log table alert")
.description("Fires when errors exceed threshold, notification includes a table of matching log fields.")
.tags("production")
.enabled(true)
.recipients(UnifiedAlertRecipientsArgs.builder()
.emails("devops@company.com")
.build())
.alertConfiguration(UnifiedAlertAlertConfigurationArgs.builder()
.type("LOG_ALERT")
.searchTimeframeMinutes(10.0)
.alertOutputTemplateType("TABLE")
.subComponents(UnifiedAlertAlertConfigurationSubComponentArgs.builder()
.queryDefinition(UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs.builder()
.query("level:ERROR")
.aggregation(UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs.builder()
.aggregationType("NONE")
.build())
.shouldQueryOnAllAccounts(true)
.build())
.trigger(UnifiedAlertAlertConfigurationSubComponentTriggerArgs.builder()
.operator("GREATER_THAN")
.severityThresholdTiers(UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("HIGH")
.threshold(5.0)
.build())
.build())
.output(UnifiedAlertAlertConfigurationSubComponentOutputArgs.builder()
.shouldUseAllFields(false)
.columns(
UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs.builder()
.fieldName("@timestamp")
.sort("DESC")
.build(),
UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs.builder()
.fieldName("message")
.build(),
UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs.builder()
.fieldName("service")
.sort("ASC")
.build())
.build())
.build())
.build())
.build());
}
}
resources:
logAlertTableExample:
type: logzio:UnifiedAlert
name: log_alert_table_example
properties:
title: Error log table alert
description: Fires when errors exceed threshold, notification includes a table of matching log fields.
tags:
- production
enabled: true
recipients:
emails:
- devops@company.com
alertConfiguration:
type: LOG_ALERT
searchTimeframeMinutes: 10
alertOutputTemplateType: TABLE
subComponents:
- queryDefinition:
query: level:ERROR
aggregation:
aggregationType: NONE
shouldQueryOnAllAccounts: true
trigger:
operator: GREATER_THAN
severityThresholdTiers:
- severity: HIGH
threshold: 5
output:
shouldUseAllFields: false
columns:
- fieldName: '@timestamp'
sort: DESC
- fieldName: message
- fieldName: service
sort: ASC
Metric Alert (Threshold)
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const metricAlertExample = new logzio.UnifiedAlert("metric_alert_example", {
title: "High 5xx rate (absolute)",
description: "Fire when 5xx requests exceed 5 req/min over 5 minutes.",
tags: [
"environment:production",
"service:checkout",
],
enabled: true,
recipients: {
emails: ["devops@company.com"],
notificationEndpointIds: [
11,
12,
],
},
alertConfiguration: {
type: "METRIC_ALERT",
severity: "INFO",
trigger: {
type: "threshold",
condition: {
operatorType: "above",
threshold: 5,
},
},
queries: [{
refId: "A",
queryDefinition: {
accountId: 12345,
promqlQuery: "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
}],
},
});
import pulumi
import pulumi_logzio as logzio
metric_alert_example = logzio.UnifiedAlert("metric_alert_example",
title="High 5xx rate (absolute)",
description="Fire when 5xx requests exceed 5 req/min over 5 minutes.",
tags=[
"environment:production",
"service:checkout",
],
enabled=True,
recipients={
"emails": ["devops@company.com"],
"notification_endpoint_ids": [
11,
12,
],
},
alert_configuration={
"type": "METRIC_ALERT",
"severity": "INFO",
"trigger": {
"type": "threshold",
"condition": {
"operator_type": "above",
"threshold": 5,
},
},
"queries": [{
"ref_id": "A",
"query_definition": {
"account_id": 12345,
"promql_query": "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
}],
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logzio.NewUnifiedAlert(ctx, "metric_alert_example", &logzio.UnifiedAlertArgs{
Title: pulumi.String("High 5xx rate (absolute)"),
Description: pulumi.String("Fire when 5xx requests exceed 5 req/min over 5 minutes."),
Tags: pulumi.StringArray{
pulumi.String("environment:production"),
pulumi.String("service:checkout"),
},
Enabled: pulumi.Bool(true),
Recipients: &logzio.UnifiedAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(11),
pulumi.Float64(12),
},
},
AlertConfiguration: &logzio.UnifiedAlertAlertConfigurationArgs{
Type: pulumi.String("METRIC_ALERT"),
Severity: pulumi.String("INFO"),
Trigger: &logzio.UnifiedAlertAlertConfigurationTriggerArgs{
Type: pulumi.String("threshold"),
Condition: &logzio.UnifiedAlertAlertConfigurationTriggerConditionArgs{
OperatorType: pulumi.String("above"),
Threshold: pulumi.Float64(5),
},
},
Queries: logzio.UnifiedAlertAlertConfigurationQueryArray{
&logzio.UnifiedAlertAlertConfigurationQueryArgs{
RefId: pulumi.String("A"),
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs{
AccountId: pulumi.Float64(12345),
PromqlQuery: pulumi.String("sum(rate(http_requests_total{status=~\"5..\"}[5m]))"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var metricAlertExample = new Logzio.UnifiedAlert("metric_alert_example", new()
{
Title = "High 5xx rate (absolute)",
Description = "Fire when 5xx requests exceed 5 req/min over 5 minutes.",
Tags = new[]
{
"environment:production",
"service:checkout",
},
Enabled = true,
Recipients = new Logzio.Inputs.UnifiedAlertRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
},
NotificationEndpointIds = new[]
{
11,
12,
},
},
AlertConfiguration = new Logzio.Inputs.UnifiedAlertAlertConfigurationArgs
{
Type = "METRIC_ALERT",
Severity = "INFO",
Trigger = new Logzio.Inputs.UnifiedAlertAlertConfigurationTriggerArgs
{
Type = "threshold",
Condition = new Logzio.Inputs.UnifiedAlertAlertConfigurationTriggerConditionArgs
{
OperatorType = "above",
Threshold = 5,
},
},
Queries = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryArgs
{
RefId = "A",
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs
{
AccountId = 12345,
PromqlQuery = "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationTriggerArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationTriggerConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var metricAlertExample = new UnifiedAlert("metricAlertExample", UnifiedAlertArgs.builder()
.title("High 5xx rate (absolute)")
.description("Fire when 5xx requests exceed 5 req/min over 5 minutes.")
.tags(
"environment:production",
"service:checkout")
.enabled(true)
.recipients(UnifiedAlertRecipientsArgs.builder()
.emails("devops@company.com")
.notificationEndpointIds(
11.0,
12.0)
.build())
.alertConfiguration(UnifiedAlertAlertConfigurationArgs.builder()
.type("METRIC_ALERT")
.severity("INFO")
.trigger(UnifiedAlertAlertConfigurationTriggerArgs.builder()
.type("threshold")
.condition(UnifiedAlertAlertConfigurationTriggerConditionArgs.builder()
.operatorType("above")
.threshold(5.0)
.build())
.build())
.queries(UnifiedAlertAlertConfigurationQueryArgs.builder()
.refId("A")
.queryDefinition(UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs.builder()
.accountId(12345.0)
.promqlQuery("sum(rate(http_requests_total{status=~\"5..\"}[5m]))")
.build())
.build())
.build())
.build());
}
}
resources:
metricAlertExample:
type: logzio:UnifiedAlert
name: metric_alert_example
properties:
title: High 5xx rate (absolute)
description: Fire when 5xx requests exceed 5 req/min over 5 minutes.
tags:
- environment:production
- service:checkout
enabled: true
recipients:
emails:
- devops@company.com
notificationEndpointIds:
- 11
- 12
alertConfiguration:
type: METRIC_ALERT
severity: INFO
trigger:
type: threshold
condition:
operatorType: above
threshold: 5
queries:
- refId: A
queryDefinition:
accountId: 12345
promqlQuery: sum(rate(http_requests_total{status=~"5.."}[5m]))
Metric Alert With Math Expression
import * as pulumi from "@pulumi/pulumi";
import * as logzio from "@pulumi/logzio";
const metricMathAlert = new logzio.UnifiedAlert("metric_math_alert", {
title: "5xx error rate percentage is high",
description: "Fire when 5xx responses exceed 2% of total requests over 5 minutes.",
tags: [
"environment:production",
"service:checkout",
],
enabled: true,
recipients: {
emails: ["devops@company.com"],
notificationEndpointIds: [
11,
12,
],
},
alertConfiguration: {
type: "METRIC_ALERT",
severity: "INFO",
trigger: {
type: "math",
expression: "($A / $B) * 100",
},
queries: [
{
refId: "A",
queryDefinition: {
accountId: 12345,
promqlQuery: "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
},
{
refId: "B",
queryDefinition: {
accountId: 12345,
promqlQuery: "sum(rate(http_requests_total[5m]))",
},
},
],
},
});
import pulumi
import pulumi_logzio as logzio
metric_math_alert = logzio.UnifiedAlert("metric_math_alert",
title="5xx error rate percentage is high",
description="Fire when 5xx responses exceed 2% of total requests over 5 minutes.",
tags=[
"environment:production",
"service:checkout",
],
enabled=True,
recipients={
"emails": ["devops@company.com"],
"notification_endpoint_ids": [
11,
12,
],
},
alert_configuration={
"type": "METRIC_ALERT",
"severity": "INFO",
"trigger": {
"type": "math",
"expression": "($A / $B) * 100",
},
"queries": [
{
"ref_id": "A",
"query_definition": {
"account_id": 12345,
"promql_query": "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
},
{
"ref_id": "B",
"query_definition": {
"account_id": 12345,
"promql_query": "sum(rate(http_requests_total[5m]))",
},
},
],
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/logzio/logzio"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logzio.NewUnifiedAlert(ctx, "metric_math_alert", &logzio.UnifiedAlertArgs{
Title: pulumi.String("5xx error rate percentage is high"),
Description: pulumi.String("Fire when 5xx responses exceed 2% of total requests over 5 minutes."),
Tags: pulumi.StringArray{
pulumi.String("environment:production"),
pulumi.String("service:checkout"),
},
Enabled: pulumi.Bool(true),
Recipients: &logzio.UnifiedAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("devops@company.com"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(11),
pulumi.Float64(12),
},
},
AlertConfiguration: &logzio.UnifiedAlertAlertConfigurationArgs{
Type: pulumi.String("METRIC_ALERT"),
Severity: pulumi.String("INFO"),
Trigger: &logzio.UnifiedAlertAlertConfigurationTriggerArgs{
Type: pulumi.String("math"),
Expression: pulumi.String("($A / $B) * 100"),
},
Queries: logzio.UnifiedAlertAlertConfigurationQueryArray{
&logzio.UnifiedAlertAlertConfigurationQueryArgs{
RefId: pulumi.String("A"),
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs{
AccountId: pulumi.Float64(12345),
PromqlQuery: pulumi.String("sum(rate(http_requests_total{status=~\"5..\"}[5m]))"),
},
},
&logzio.UnifiedAlertAlertConfigurationQueryArgs{
RefId: pulumi.String("B"),
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs{
AccountId: pulumi.Float64(12345),
PromqlQuery: pulumi.String("sum(rate(http_requests_total[5m]))"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Logzio = Pulumi.Logzio;
return await Deployment.RunAsync(() =>
{
var metricMathAlert = new Logzio.UnifiedAlert("metric_math_alert", new()
{
Title = "5xx error rate percentage is high",
Description = "Fire when 5xx responses exceed 2% of total requests over 5 minutes.",
Tags = new[]
{
"environment:production",
"service:checkout",
},
Enabled = true,
Recipients = new Logzio.Inputs.UnifiedAlertRecipientsArgs
{
Emails = new[]
{
"devops@company.com",
},
NotificationEndpointIds = new[]
{
11,
12,
},
},
AlertConfiguration = new Logzio.Inputs.UnifiedAlertAlertConfigurationArgs
{
Type = "METRIC_ALERT",
Severity = "INFO",
Trigger = new Logzio.Inputs.UnifiedAlertAlertConfigurationTriggerArgs
{
Type = "math",
Expression = "($A / $B) * 100",
},
Queries = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryArgs
{
RefId = "A",
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs
{
AccountId = 12345,
PromqlQuery = "sum(rate(http_requests_total{status=~\"5..\"}[5m]))",
},
},
new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryArgs
{
RefId = "B",
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs
{
AccountId = 12345,
PromqlQuery = "sum(rate(http_requests_total[5m]))",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.logzio.UnifiedAlert;
import com.pulumi.logzio.UnifiedAlertArgs;
import com.pulumi.logzio.inputs.UnifiedAlertRecipientsArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationArgs;
import com.pulumi.logzio.inputs.UnifiedAlertAlertConfigurationTriggerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var metricMathAlert = new UnifiedAlert("metricMathAlert", UnifiedAlertArgs.builder()
.title("5xx error rate percentage is high")
.description("Fire when 5xx responses exceed 2% of total requests over 5 minutes.")
.tags(
"environment:production",
"service:checkout")
.enabled(true)
.recipients(UnifiedAlertRecipientsArgs.builder()
.emails("devops@company.com")
.notificationEndpointIds(
11.0,
12.0)
.build())
.alertConfiguration(UnifiedAlertAlertConfigurationArgs.builder()
.type("METRIC_ALERT")
.severity("INFO")
.trigger(UnifiedAlertAlertConfigurationTriggerArgs.builder()
.type("math")
.expression("($A / $B) * 100")
.build())
.queries(
UnifiedAlertAlertConfigurationQueryArgs.builder()
.refId("A")
.queryDefinition(UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs.builder()
.accountId(12345.0)
.promqlQuery("sum(rate(http_requests_total{status=~\"5..\"}[5m]))")
.build())
.build(),
UnifiedAlertAlertConfigurationQueryArgs.builder()
.refId("B")
.queryDefinition(UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs.builder()
.accountId(12345.0)
.promqlQuery("sum(rate(http_requests_total[5m]))")
.build())
.build())
.build())
.build());
}
}
resources:
metricMathAlert:
type: logzio:UnifiedAlert
name: metric_math_alert
properties:
title: 5xx error rate percentage is high
description: Fire when 5xx responses exceed 2% of total requests over 5 minutes.
tags:
- environment:production
- service:checkout
enabled: true
recipients:
emails:
- devops@company.com
notificationEndpointIds:
- 11
- 12
alertConfiguration:
type: METRIC_ALERT
severity: INFO
trigger:
type: math
expression: ($A / $B) * 100
queries:
- refId: A
queryDefinition:
accountId: 12345
promqlQuery: sum(rate(http_requests_total{status=~"5.."}[5m]))
- refId: B
queryDefinition:
accountId: 12345
promqlQuery: sum(rate(http_requests_total[5m]))
Create UnifiedAlert Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UnifiedAlert(name: string, args: UnifiedAlertArgs, opts?: CustomResourceOptions);@overload
def UnifiedAlert(resource_name: str,
args: UnifiedAlertArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UnifiedAlert(resource_name: str,
opts: Optional[ResourceOptions] = None,
alert_configuration: Optional[UnifiedAlertAlertConfigurationArgs] = None,
title: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
linked_panel: Optional[UnifiedAlertLinkedPanelArgs] = None,
rca: Optional[bool] = None,
rca_notification_endpoint_ids: Optional[Sequence[float]] = None,
recipients: Optional[UnifiedAlertRecipientsArgs] = None,
runbook: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
unified_alert_id: Optional[str] = None,
use_alert_notification_endpoints_for_rca: Optional[bool] = None)func NewUnifiedAlert(ctx *Context, name string, args UnifiedAlertArgs, opts ...ResourceOption) (*UnifiedAlert, error)public UnifiedAlert(string name, UnifiedAlertArgs args, CustomResourceOptions? opts = null)
public UnifiedAlert(String name, UnifiedAlertArgs args)
public UnifiedAlert(String name, UnifiedAlertArgs args, CustomResourceOptions options)
type: logzio:UnifiedAlert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UnifiedAlertArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var unifiedAlertResource = new Logzio.Index.UnifiedAlert("unifiedAlertResource", new()
{
AlertConfiguration = new Logzio.Inputs.UnifiedAlertAlertConfigurationArgs
{
Type = "string",
AlertOutputTemplateType = "string",
Correlations = new Logzio.Inputs.UnifiedAlertAlertConfigurationCorrelationsArgs
{
CorrelationOperators = new[]
{
"string",
},
Joins = new[]
{
{
{ "string", "string" },
},
},
},
Queries = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs
{
PromqlQuery = "string",
AccountId = 0,
},
RefId = "string",
},
},
Schedule = new Logzio.Inputs.UnifiedAlertAlertConfigurationScheduleArgs
{
CronExpression = "string",
Timezone = "string",
},
SearchTimeframeMinutes = 0,
Severity = "string",
SubComponents = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentArgs
{
QueryDefinition = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs
{
Query = "string",
AccountIdsToQueryOns = new[]
{
0,
},
Aggregation = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs
{
AggregationType = "string",
FieldToAggregateOn = "string",
ValueToAggregateOn = "string",
},
Filters = "string",
GroupBies = new[]
{
"string",
},
ShouldQueryOnAllAccounts = false,
},
Trigger = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerArgs
{
Operator = "string",
SeverityThresholdTiers = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs
{
Severity = "string",
Threshold = 0,
},
},
},
Output = new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputArgs
{
Columns = new[]
{
new Logzio.Inputs.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs
{
FieldName = "string",
Regex = "string",
Sort = "string",
},
},
ShouldUseAllFields = false,
},
},
},
SuppressNotificationsMinutes = 0,
Trigger = new Logzio.Inputs.UnifiedAlertAlertConfigurationTriggerArgs
{
Type = "string",
Condition = new Logzio.Inputs.UnifiedAlertAlertConfigurationTriggerConditionArgs
{
OperatorType = "string",
From = 0,
Threshold = 0,
To = 0,
},
Expression = "string",
},
},
Title = "string",
Description = "string",
Enabled = false,
LinkedPanel = new Logzio.Inputs.UnifiedAlertLinkedPanelArgs
{
DashboardId = "string",
FolderId = "string",
PanelId = "string",
},
Rca = false,
RcaNotificationEndpointIds = new[]
{
0,
},
Recipients = new Logzio.Inputs.UnifiedAlertRecipientsArgs
{
Emails = new[]
{
"string",
},
NotificationEndpointIds = new[]
{
0,
},
},
Runbook = "string",
Tags = new[]
{
"string",
},
UnifiedAlertId = "string",
UseAlertNotificationEndpointsForRca = false,
});
example, err := logzio.NewUnifiedAlert(ctx, "unifiedAlertResource", &logzio.UnifiedAlertArgs{
AlertConfiguration: &logzio.UnifiedAlertAlertConfigurationArgs{
Type: pulumi.String("string"),
AlertOutputTemplateType: pulumi.String("string"),
Correlations: &logzio.UnifiedAlertAlertConfigurationCorrelationsArgs{
CorrelationOperators: pulumi.StringArray{
pulumi.String("string"),
},
Joins: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
},
Queries: logzio.UnifiedAlertAlertConfigurationQueryArray{
&logzio.UnifiedAlertAlertConfigurationQueryArgs{
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs{
PromqlQuery: pulumi.String("string"),
AccountId: pulumi.Float64(0),
},
RefId: pulumi.String("string"),
},
},
Schedule: &logzio.UnifiedAlertAlertConfigurationScheduleArgs{
CronExpression: pulumi.String("string"),
Timezone: pulumi.String("string"),
},
SearchTimeframeMinutes: pulumi.Float64(0),
Severity: pulumi.String("string"),
SubComponents: logzio.UnifiedAlertAlertConfigurationSubComponentArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentArgs{
QueryDefinition: &logzio.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs{
Query: pulumi.String("string"),
AccountIdsToQueryOns: pulumi.Float64Array{
pulumi.Float64(0),
},
Aggregation: &logzio.UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs{
AggregationType: pulumi.String("string"),
FieldToAggregateOn: pulumi.String("string"),
ValueToAggregateOn: pulumi.String("string"),
},
Filters: pulumi.String("string"),
GroupBies: pulumi.StringArray{
pulumi.String("string"),
},
ShouldQueryOnAllAccounts: pulumi.Bool(false),
},
Trigger: &logzio.UnifiedAlertAlertConfigurationSubComponentTriggerArgs{
Operator: pulumi.String("string"),
SeverityThresholdTiers: logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs{
Severity: pulumi.String("string"),
Threshold: pulumi.Float64(0),
},
},
},
Output: &logzio.UnifiedAlertAlertConfigurationSubComponentOutputTypeArgs{
Columns: logzio.UnifiedAlertAlertConfigurationSubComponentOutputColumnArray{
&logzio.UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs{
FieldName: pulumi.String("string"),
Regex: pulumi.String("string"),
Sort: pulumi.String("string"),
},
},
ShouldUseAllFields: pulumi.Bool(false),
},
},
},
SuppressNotificationsMinutes: pulumi.Float64(0),
Trigger: &logzio.UnifiedAlertAlertConfigurationTriggerArgs{
Type: pulumi.String("string"),
Condition: &logzio.UnifiedAlertAlertConfigurationTriggerConditionArgs{
OperatorType: pulumi.String("string"),
From: pulumi.Float64(0),
Threshold: pulumi.Float64(0),
To: pulumi.Float64(0),
},
Expression: pulumi.String("string"),
},
},
Title: pulumi.String("string"),
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
LinkedPanel: &logzio.UnifiedAlertLinkedPanelArgs{
DashboardId: pulumi.String("string"),
FolderId: pulumi.String("string"),
PanelId: pulumi.String("string"),
},
Rca: pulumi.Bool(false),
RcaNotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(0),
},
Recipients: &logzio.UnifiedAlertRecipientsArgs{
Emails: pulumi.StringArray{
pulumi.String("string"),
},
NotificationEndpointIds: pulumi.Float64Array{
pulumi.Float64(0),
},
},
Runbook: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
UnifiedAlertId: pulumi.String("string"),
UseAlertNotificationEndpointsForRca: pulumi.Bool(false),
})
var unifiedAlertResource = new UnifiedAlert("unifiedAlertResource", UnifiedAlertArgs.builder()
.alertConfiguration(UnifiedAlertAlertConfigurationArgs.builder()
.type("string")
.alertOutputTemplateType("string")
.correlations(UnifiedAlertAlertConfigurationCorrelationsArgs.builder()
.correlationOperators("string")
.joins(Map.of("string", "string"))
.build())
.queries(UnifiedAlertAlertConfigurationQueryArgs.builder()
.queryDefinition(UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs.builder()
.promqlQuery("string")
.accountId(0.0)
.build())
.refId("string")
.build())
.schedule(UnifiedAlertAlertConfigurationScheduleArgs.builder()
.cronExpression("string")
.timezone("string")
.build())
.searchTimeframeMinutes(0.0)
.severity("string")
.subComponents(UnifiedAlertAlertConfigurationSubComponentArgs.builder()
.queryDefinition(UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs.builder()
.query("string")
.accountIdsToQueryOns(0.0)
.aggregation(UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs.builder()
.aggregationType("string")
.fieldToAggregateOn("string")
.valueToAggregateOn("string")
.build())
.filters("string")
.groupBies("string")
.shouldQueryOnAllAccounts(false)
.build())
.trigger(UnifiedAlertAlertConfigurationSubComponentTriggerArgs.builder()
.operator("string")
.severityThresholdTiers(UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs.builder()
.severity("string")
.threshold(0.0)
.build())
.build())
.output(UnifiedAlertAlertConfigurationSubComponentOutputArgs.builder()
.columns(UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs.builder()
.fieldName("string")
.regex("string")
.sort("string")
.build())
.shouldUseAllFields(false)
.build())
.build())
.suppressNotificationsMinutes(0.0)
.trigger(UnifiedAlertAlertConfigurationTriggerArgs.builder()
.type("string")
.condition(UnifiedAlertAlertConfigurationTriggerConditionArgs.builder()
.operatorType("string")
.from(0.0)
.threshold(0.0)
.to(0.0)
.build())
.expression("string")
.build())
.build())
.title("string")
.description("string")
.enabled(false)
.linkedPanel(UnifiedAlertLinkedPanelArgs.builder()
.dashboardId("string")
.folderId("string")
.panelId("string")
.build())
.rca(false)
.rcaNotificationEndpointIds(0.0)
.recipients(UnifiedAlertRecipientsArgs.builder()
.emails("string")
.notificationEndpointIds(0.0)
.build())
.runbook("string")
.tags("string")
.unifiedAlertId("string")
.useAlertNotificationEndpointsForRca(false)
.build());
unified_alert_resource = logzio.UnifiedAlert("unifiedAlertResource",
alert_configuration={
"type": "string",
"alert_output_template_type": "string",
"correlations": {
"correlation_operators": ["string"],
"joins": [{
"string": "string",
}],
},
"queries": [{
"query_definition": {
"promql_query": "string",
"account_id": 0,
},
"ref_id": "string",
}],
"schedule": {
"cron_expression": "string",
"timezone": "string",
},
"search_timeframe_minutes": 0,
"severity": "string",
"sub_components": [{
"query_definition": {
"query": "string",
"account_ids_to_query_ons": [0],
"aggregation": {
"aggregation_type": "string",
"field_to_aggregate_on": "string",
"value_to_aggregate_on": "string",
},
"filters": "string",
"group_bies": ["string"],
"should_query_on_all_accounts": False,
},
"trigger": {
"operator": "string",
"severity_threshold_tiers": [{
"severity": "string",
"threshold": 0,
}],
},
"output": {
"columns": [{
"field_name": "string",
"regex": "string",
"sort": "string",
}],
"should_use_all_fields": False,
},
}],
"suppress_notifications_minutes": 0,
"trigger": {
"type": "string",
"condition": {
"operator_type": "string",
"from_": 0,
"threshold": 0,
"to": 0,
},
"expression": "string",
},
},
title="string",
description="string",
enabled=False,
linked_panel={
"dashboard_id": "string",
"folder_id": "string",
"panel_id": "string",
},
rca=False,
rca_notification_endpoint_ids=[0],
recipients={
"emails": ["string"],
"notification_endpoint_ids": [0],
},
runbook="string",
tags=["string"],
unified_alert_id="string",
use_alert_notification_endpoints_for_rca=False)
const unifiedAlertResource = new logzio.UnifiedAlert("unifiedAlertResource", {
alertConfiguration: {
type: "string",
alertOutputTemplateType: "string",
correlations: {
correlationOperators: ["string"],
joins: [{
string: "string",
}],
},
queries: [{
queryDefinition: {
promqlQuery: "string",
accountId: 0,
},
refId: "string",
}],
schedule: {
cronExpression: "string",
timezone: "string",
},
searchTimeframeMinutes: 0,
severity: "string",
subComponents: [{
queryDefinition: {
query: "string",
accountIdsToQueryOns: [0],
aggregation: {
aggregationType: "string",
fieldToAggregateOn: "string",
valueToAggregateOn: "string",
},
filters: "string",
groupBies: ["string"],
shouldQueryOnAllAccounts: false,
},
trigger: {
operator: "string",
severityThresholdTiers: [{
severity: "string",
threshold: 0,
}],
},
output: {
columns: [{
fieldName: "string",
regex: "string",
sort: "string",
}],
shouldUseAllFields: false,
},
}],
suppressNotificationsMinutes: 0,
trigger: {
type: "string",
condition: {
operatorType: "string",
from: 0,
threshold: 0,
to: 0,
},
expression: "string",
},
},
title: "string",
description: "string",
enabled: false,
linkedPanel: {
dashboardId: "string",
folderId: "string",
panelId: "string",
},
rca: false,
rcaNotificationEndpointIds: [0],
recipients: {
emails: ["string"],
notificationEndpointIds: [0],
},
runbook: "string",
tags: ["string"],
unifiedAlertId: "string",
useAlertNotificationEndpointsForRca: false,
});
type: logzio:UnifiedAlert
properties:
alertConfiguration:
alertOutputTemplateType: string
correlations:
correlationOperators:
- string
joins:
- string: string
queries:
- queryDefinition:
accountId: 0
promqlQuery: string
refId: string
schedule:
cronExpression: string
timezone: string
searchTimeframeMinutes: 0
severity: string
subComponents:
- output:
columns:
- fieldName: string
regex: string
sort: string
shouldUseAllFields: false
queryDefinition:
accountIdsToQueryOns:
- 0
aggregation:
aggregationType: string
fieldToAggregateOn: string
valueToAggregateOn: string
filters: string
groupBies:
- string
query: string
shouldQueryOnAllAccounts: false
trigger:
operator: string
severityThresholdTiers:
- severity: string
threshold: 0
suppressNotificationsMinutes: 0
trigger:
condition:
from: 0
operatorType: string
threshold: 0
to: 0
expression: string
type: string
type: string
description: string
enabled: false
linkedPanel:
dashboardId: string
folderId: string
panelId: string
rca: false
rcaNotificationEndpointIds:
- 0
recipients:
emails:
- string
notificationEndpointIds:
- 0
runbook: string
tags:
- string
title: string
unifiedAlertId: string
useAlertNotificationEndpointsForRca: false
UnifiedAlert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The UnifiedAlert resource accepts the following input properties:
- Alert
Configuration UnifiedAlert Alert Configuration - Title string
- Description string
- Enabled bool
- Linked
Panel UnifiedAlert Linked Panel - Rca bool
- Rca
Notification List<double>Endpoint Ids - Recipients
Unified
Alert Recipients - Runbook string
- List<string>
- Unified
Alert stringId - Use
Alert boolNotification Endpoints For Rca
- Alert
Configuration UnifiedAlert Alert Configuration Args - Title string
- Description string
- Enabled bool
- Linked
Panel UnifiedAlert Linked Panel Args - Rca bool
- Rca
Notification []float64Endpoint Ids - Recipients
Unified
Alert Recipients Args - Runbook string
- []string
- Unified
Alert stringId - Use
Alert boolNotification Endpoints For Rca
- alert
Configuration UnifiedAlert Alert Configuration - title String
- description String
- enabled Boolean
- linked
Panel UnifiedAlert Linked Panel - rca Boolean
- rca
Notification List<Double>Endpoint Ids - recipients
Unified
Alert Recipients - runbook String
- List<String>
- unified
Alert StringId - use
Alert BooleanNotification Endpoints For Rca
- alert
Configuration UnifiedAlert Alert Configuration - title string
- description string
- enabled boolean
- linked
Panel UnifiedAlert Linked Panel - rca boolean
- rca
Notification number[]Endpoint Ids - recipients
Unified
Alert Recipients - runbook string
- string[]
- unified
Alert stringId - use
Alert booleanNotification Endpoints For Rca
- alert_
configuration UnifiedAlert Alert Configuration Args - title str
- description str
- enabled bool
- linked_
panel UnifiedAlert Linked Panel Args - rca bool
- rca_
notification_ Sequence[float]endpoint_ ids - recipients
Unified
Alert Recipients Args - runbook str
- Sequence[str]
- unified_
alert_ strid - use_
alert_ boolnotification_ endpoints_ for_ rca
- alert
Configuration Property Map - title String
- description String
- enabled Boolean
- linked
Panel Property Map - rca Boolean
- rca
Notification List<Number>Endpoint Ids - recipients Property Map
- runbook String
- List<String>
- unified
Alert StringId - use
Alert BooleanNotification Endpoints For Rca
Outputs
All input properties are implicitly available as output properties. Additionally, the UnifiedAlert resource produces the following output properties:
- Alert
Id string - The unique alert identifier assigned by Logz.io.
- Created
At double - Unix timestamp (float) of alert creation.
- Created
By string - Email of the user who created the alert.
- Id string
- The provider-assigned unique ID for this managed resource.
- Updated
At double - Unix timestamp (float) of last update.
- Updated
By string - Email of the user who last updated the alert.
- Alert
Id string - The unique alert identifier assigned by Logz.io.
- Created
At float64 - Unix timestamp (float) of alert creation.
- Created
By string - Email of the user who created the alert.
- Id string
- The provider-assigned unique ID for this managed resource.
- Updated
At float64 - Unix timestamp (float) of last update.
- Updated
By string - Email of the user who last updated the alert.
- alert
Id String - The unique alert identifier assigned by Logz.io.
- created
At Double - Unix timestamp (float) of alert creation.
- created
By String - Email of the user who created the alert.
- id String
- The provider-assigned unique ID for this managed resource.
- updated
At Double - Unix timestamp (float) of last update.
- updated
By String - Email of the user who last updated the alert.
- alert
Id string - The unique alert identifier assigned by Logz.io.
- created
At number - Unix timestamp (float) of alert creation.
- created
By string - Email of the user who created the alert.
- id string
- The provider-assigned unique ID for this managed resource.
- updated
At number - Unix timestamp (float) of last update.
- updated
By string - Email of the user who last updated the alert.
- alert_
id str - The unique alert identifier assigned by Logz.io.
- created_
at float - Unix timestamp (float) of alert creation.
- created_
by str - Email of the user who created the alert.
- id str
- The provider-assigned unique ID for this managed resource.
- updated_
at float - Unix timestamp (float) of last update.
- updated_
by str - Email of the user who last updated the alert.
- alert
Id String - The unique alert identifier assigned by Logz.io.
- created
At Number - Unix timestamp (float) of alert creation.
- created
By String - Email of the user who created the alert.
- id String
- The provider-assigned unique ID for this managed resource.
- updated
At Number - Unix timestamp (float) of last update.
- updated
By String - Email of the user who last updated the alert.
Look up Existing UnifiedAlert Resource
Get an existing UnifiedAlert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UnifiedAlertState, opts?: CustomResourceOptions): UnifiedAlert@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_configuration: Optional[UnifiedAlertAlertConfigurationArgs] = None,
alert_id: Optional[str] = None,
created_at: Optional[float] = None,
created_by: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
linked_panel: Optional[UnifiedAlertLinkedPanelArgs] = None,
rca: Optional[bool] = None,
rca_notification_endpoint_ids: Optional[Sequence[float]] = None,
recipients: Optional[UnifiedAlertRecipientsArgs] = None,
runbook: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
title: Optional[str] = None,
unified_alert_id: Optional[str] = None,
updated_at: Optional[float] = None,
updated_by: Optional[str] = None,
use_alert_notification_endpoints_for_rca: Optional[bool] = None) -> UnifiedAlertfunc GetUnifiedAlert(ctx *Context, name string, id IDInput, state *UnifiedAlertState, opts ...ResourceOption) (*UnifiedAlert, error)public static UnifiedAlert Get(string name, Input<string> id, UnifiedAlertState? state, CustomResourceOptions? opts = null)public static UnifiedAlert get(String name, Output<String> id, UnifiedAlertState state, CustomResourceOptions options)resources: _: type: logzio:UnifiedAlert get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alert
Configuration UnifiedAlert Alert Configuration - Alert
Id string - The unique alert identifier assigned by Logz.io.
- Created
At double - Unix timestamp (float) of alert creation.
- Created
By string - Email of the user who created the alert.
- Description string
- Enabled bool
- Linked
Panel UnifiedAlert Linked Panel - Rca bool
- Rca
Notification List<double>Endpoint Ids - Recipients
Unified
Alert Recipients - Runbook string
- List<string>
- Title string
- Unified
Alert stringId - Updated
At double - Unix timestamp (float) of last update.
- Updated
By string - Email of the user who last updated the alert.
- Use
Alert boolNotification Endpoints For Rca
- Alert
Configuration UnifiedAlert Alert Configuration Args - Alert
Id string - The unique alert identifier assigned by Logz.io.
- Created
At float64 - Unix timestamp (float) of alert creation.
- Created
By string - Email of the user who created the alert.
- Description string
- Enabled bool
- Linked
Panel UnifiedAlert Linked Panel Args - Rca bool
- Rca
Notification []float64Endpoint Ids - Recipients
Unified
Alert Recipients Args - Runbook string
- []string
- Title string
- Unified
Alert stringId - Updated
At float64 - Unix timestamp (float) of last update.
- Updated
By string - Email of the user who last updated the alert.
- Use
Alert boolNotification Endpoints For Rca
- alert
Configuration UnifiedAlert Alert Configuration - alert
Id String - The unique alert identifier assigned by Logz.io.
- created
At Double - Unix timestamp (float) of alert creation.
- created
By String - Email of the user who created the alert.
- description String
- enabled Boolean
- linked
Panel UnifiedAlert Linked Panel - rca Boolean
- rca
Notification List<Double>Endpoint Ids - recipients
Unified
Alert Recipients - runbook String
- List<String>
- title String
- unified
Alert StringId - updated
At Double - Unix timestamp (float) of last update.
- updated
By String - Email of the user who last updated the alert.
- use
Alert BooleanNotification Endpoints For Rca
- alert
Configuration UnifiedAlert Alert Configuration - alert
Id string - The unique alert identifier assigned by Logz.io.
- created
At number - Unix timestamp (float) of alert creation.
- created
By string - Email of the user who created the alert.
- description string
- enabled boolean
- linked
Panel UnifiedAlert Linked Panel - rca boolean
- rca
Notification number[]Endpoint Ids - recipients
Unified
Alert Recipients - runbook string
- string[]
- title string
- unified
Alert stringId - updated
At number - Unix timestamp (float) of last update.
- updated
By string - Email of the user who last updated the alert.
- use
Alert booleanNotification Endpoints For Rca
- alert_
configuration UnifiedAlert Alert Configuration Args - alert_
id str - The unique alert identifier assigned by Logz.io.
- created_
at float - Unix timestamp (float) of alert creation.
- created_
by str - Email of the user who created the alert.
- description str
- enabled bool
- linked_
panel UnifiedAlert Linked Panel Args - rca bool
- rca_
notification_ Sequence[float]endpoint_ ids - recipients
Unified
Alert Recipients Args - runbook str
- Sequence[str]
- title str
- unified_
alert_ strid - updated_
at float - Unix timestamp (float) of last update.
- updated_
by str - Email of the user who last updated the alert.
- use_
alert_ boolnotification_ endpoints_ for_ rca
- alert
Configuration Property Map - alert
Id String - The unique alert identifier assigned by Logz.io.
- created
At Number - Unix timestamp (float) of alert creation.
- created
By String - Email of the user who created the alert.
- description String
- enabled Boolean
- linked
Panel Property Map - rca Boolean
- rca
Notification List<Number>Endpoint Ids - recipients Property Map
- runbook String
- List<String>
- title String
- unified
Alert StringId - updated
At Number - Unix timestamp (float) of last update.
- updated
By String - Email of the user who last updated the alert.
- use
Alert BooleanNotification Endpoints For Rca
Supporting Types
UnifiedAlertAlertConfiguration, UnifiedAlertAlertConfigurationArgs
- Type string
- Alert type. Must be
LOG_ALERTorMETRIC_ALERT. Changing this forces a new resource. - Alert
Output stringTemplate Type - Output format for log alerts. Must be
JSONorTABLE. See Output Format Rules below. - Correlations
Unified
Alert Alert Configuration Correlations - Correlation logic between sub-components (log alerts). See Correlations below.
- Queries
List<Unified
Alert Alert Configuration Query> - Metric queries. See Metric Query below. Required for metric alerts.
- Schedule
Unified
Alert Alert Configuration Schedule - Cron-based evaluation schedule (log alerts). See Schedule below.
- Search
Timeframe doubleMinutes - Time window in minutes for log evaluation.
- Severity string
- Alert severity. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. Required for metric alerts. - Sub
Components List<UnifiedAlert Alert Configuration Sub Component> - Detection rules. See Sub Component below. Required for log alerts (at least 1).
- Suppress
Notifications doubleMinutes - Mute period after alert fires (log alerts).
- Trigger
Unified
Alert Alert Configuration Trigger - Trigger configuration. See Metric Trigger below. Required for metric alerts.
- Type string
- Alert type. Must be
LOG_ALERTorMETRIC_ALERT. Changing this forces a new resource. - Alert
Output stringTemplate Type - Output format for log alerts. Must be
JSONorTABLE. See Output Format Rules below. - Correlations
Unified
Alert Alert Configuration Correlations - Correlation logic between sub-components (log alerts). See Correlations below.
- Queries
[]Unified
Alert Alert Configuration Query - Metric queries. See Metric Query below. Required for metric alerts.
- Schedule
Unified
Alert Alert Configuration Schedule - Cron-based evaluation schedule (log alerts). See Schedule below.
- Search
Timeframe float64Minutes - Time window in minutes for log evaluation.
- Severity string
- Alert severity. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. Required for metric alerts. - Sub
Components []UnifiedAlert Alert Configuration Sub Component - Detection rules. See Sub Component below. Required for log alerts (at least 1).
- Suppress
Notifications float64Minutes - Mute period after alert fires (log alerts).
- Trigger
Unified
Alert Alert Configuration Trigger - Trigger configuration. See Metric Trigger below. Required for metric alerts.
- type String
- Alert type. Must be
LOG_ALERTorMETRIC_ALERT. Changing this forces a new resource. - alert
Output StringTemplate Type - Output format for log alerts. Must be
JSONorTABLE. See Output Format Rules below. - correlations
Unified
Alert Alert Configuration Correlations - Correlation logic between sub-components (log alerts). See Correlations below.
- queries
List<Unified
Alert Alert Configuration Query> - Metric queries. See Metric Query below. Required for metric alerts.
- schedule
Unified
Alert Alert Configuration Schedule - Cron-based evaluation schedule (log alerts). See Schedule below.
- search
Timeframe DoubleMinutes - Time window in minutes for log evaluation.
- severity String
- Alert severity. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. Required for metric alerts. - sub
Components List<UnifiedAlert Alert Configuration Sub Component> - Detection rules. See Sub Component below. Required for log alerts (at least 1).
- suppress
Notifications DoubleMinutes - Mute period after alert fires (log alerts).
- trigger
Unified
Alert Alert Configuration Trigger - Trigger configuration. See Metric Trigger below. Required for metric alerts.
- type string
- Alert type. Must be
LOG_ALERTorMETRIC_ALERT. Changing this forces a new resource. - alert
Output stringTemplate Type - Output format for log alerts. Must be
JSONorTABLE. See Output Format Rules below. - correlations
Unified
Alert Alert Configuration Correlations - Correlation logic between sub-components (log alerts). See Correlations below.
- queries
Unified
Alert Alert Configuration Query[] - Metric queries. See Metric Query below. Required for metric alerts.
- schedule
Unified
Alert Alert Configuration Schedule - Cron-based evaluation schedule (log alerts). See Schedule below.
- search
Timeframe numberMinutes - Time window in minutes for log evaluation.
- severity string
- Alert severity. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. Required for metric alerts. - sub
Components UnifiedAlert Alert Configuration Sub Component[] - Detection rules. See Sub Component below. Required for log alerts (at least 1).
- suppress
Notifications numberMinutes - Mute period after alert fires (log alerts).
- trigger
Unified
Alert Alert Configuration Trigger - Trigger configuration. See Metric Trigger below. Required for metric alerts.
- type str
- Alert type. Must be
LOG_ALERTorMETRIC_ALERT. Changing this forces a new resource. - alert_
output_ strtemplate_ type - Output format for log alerts. Must be
JSONorTABLE. See Output Format Rules below. - correlations
Unified
Alert Alert Configuration Correlations - Correlation logic between sub-components (log alerts). See Correlations below.
- queries
Sequence[Unified
Alert Alert Configuration Query] - Metric queries. See Metric Query below. Required for metric alerts.
- schedule
Unified
Alert Alert Configuration Schedule - Cron-based evaluation schedule (log alerts). See Schedule below.
- search_
timeframe_ floatminutes - Time window in minutes for log evaluation.
- severity str
- Alert severity. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. Required for metric alerts. - sub_
components Sequence[UnifiedAlert Alert Configuration Sub Component] - Detection rules. See Sub Component below. Required for log alerts (at least 1).
- suppress_
notifications_ floatminutes - Mute period after alert fires (log alerts).
- trigger
Unified
Alert Alert Configuration Trigger - Trigger configuration. See Metric Trigger below. Required for metric alerts.
- type String
- Alert type. Must be
LOG_ALERTorMETRIC_ALERT. Changing this forces a new resource. - alert
Output StringTemplate Type - Output format for log alerts. Must be
JSONorTABLE. See Output Format Rules below. - correlations Property Map
- Correlation logic between sub-components (log alerts). See Correlations below.
- queries List<Property Map>
- Metric queries. See Metric Query below. Required for metric alerts.
- schedule Property Map
- Cron-based evaluation schedule (log alerts). See Schedule below.
- search
Timeframe NumberMinutes - Time window in minutes for log evaluation.
- severity String
- Alert severity. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. Required for metric alerts. - sub
Components List<Property Map> - Detection rules. See Sub Component below. Required for log alerts (at least 1).
- suppress
Notifications NumberMinutes - Mute period after alert fires (log alerts).
- trigger Property Map
- Trigger configuration. See Metric Trigger below. Required for metric alerts.
UnifiedAlertAlertConfigurationCorrelations, UnifiedAlertAlertConfigurationCorrelationsArgs
- Correlation
Operators List<string> - Correlation operators (e.g.,
["AND"]). - Joins
List<Immutable
Dictionary<string, string>> - Join configurations.
- Correlation
Operators []string - Correlation operators (e.g.,
["AND"]). - Joins []map[string]string
- Join configurations.
- correlation
Operators List<String> - Correlation operators (e.g.,
["AND"]). - joins List<Map<String,String>>
- Join configurations.
- correlation
Operators string[] - Correlation operators (e.g.,
["AND"]). - joins {[key: string]: string}[]
- Join configurations.
- correlation_
operators Sequence[str] - Correlation operators (e.g.,
["AND"]). - joins Sequence[Mapping[str, str]]
- Join configurations.
- correlation
Operators List<String> - Correlation operators (e.g.,
["AND"]). - joins List<Map<String>>
- Join configurations.
UnifiedAlertAlertConfigurationQuery, UnifiedAlertAlertConfigurationQueryArgs
- Query
Definition UnifiedAlert Alert Configuration Query Query Definition - The query configuration. See Metric Query Definition below.
- Ref
Id string - Query identifier (e.g., "A", "B") for use in math expressions.
- Query
Definition UnifiedAlert Alert Configuration Query Query Definition - The query configuration. See Metric Query Definition below.
- Ref
Id string - Query identifier (e.g., "A", "B") for use in math expressions.
- query
Definition UnifiedAlert Alert Configuration Query Query Definition - The query configuration. See Metric Query Definition below.
- ref
Id String - Query identifier (e.g., "A", "B") for use in math expressions.
- query
Definition UnifiedAlert Alert Configuration Query Query Definition - The query configuration. See Metric Query Definition below.
- ref
Id string - Query identifier (e.g., "A", "B") for use in math expressions.
- query_
definition UnifiedAlert Alert Configuration Query Query Definition - The query configuration. See Metric Query Definition below.
- ref_
id str - Query identifier (e.g., "A", "B") for use in math expressions.
- query
Definition Property Map - The query configuration. See Metric Query Definition below.
- ref
Id String - Query identifier (e.g., "A", "B") for use in math expressions.
UnifiedAlertAlertConfigurationQueryQueryDefinition, UnifiedAlertAlertConfigurationQueryQueryDefinitionArgs
- Promql
Query string - PromQL query string (e.g.,
"rate(http_requests_total[5m])"). - Account
Id double - The Logz.io Metrics account ID to query. Required by the API for metric alerts.
- Promql
Query string - PromQL query string (e.g.,
"rate(http_requests_total[5m])"). - Account
Id float64 - The Logz.io Metrics account ID to query. Required by the API for metric alerts.
- promql
Query String - PromQL query string (e.g.,
"rate(http_requests_total[5m])"). - account
Id Double - The Logz.io Metrics account ID to query. Required by the API for metric alerts.
- promql
Query string - PromQL query string (e.g.,
"rate(http_requests_total[5m])"). - account
Id number - The Logz.io Metrics account ID to query. Required by the API for metric alerts.
- promql_
query str - PromQL query string (e.g.,
"rate(http_requests_total[5m])"). - account_
id float - The Logz.io Metrics account ID to query. Required by the API for metric alerts.
- promql
Query String - PromQL query string (e.g.,
"rate(http_requests_total[5m])"). - account
Id Number - The Logz.io Metrics account ID to query. Required by the API for metric alerts.
UnifiedAlertAlertConfigurationSchedule, UnifiedAlertAlertConfigurationScheduleArgs
- Cron
Expression string - Six-part cron expression with seconds (e.g.,
"0 0/5 * * * ?"= every 5 minutes). - Timezone string
- Timezone for the cron expression. Default:
UTC.
- Cron
Expression string - Six-part cron expression with seconds (e.g.,
"0 0/5 * * * ?"= every 5 minutes). - Timezone string
- Timezone for the cron expression. Default:
UTC.
- cron
Expression String - Six-part cron expression with seconds (e.g.,
"0 0/5 * * * ?"= every 5 minutes). - timezone String
- Timezone for the cron expression. Default:
UTC.
- cron
Expression string - Six-part cron expression with seconds (e.g.,
"0 0/5 * * * ?"= every 5 minutes). - timezone string
- Timezone for the cron expression. Default:
UTC.
- cron_
expression str - Six-part cron expression with seconds (e.g.,
"0 0/5 * * * ?"= every 5 minutes). - timezone str
- Timezone for the cron expression. Default:
UTC.
- cron
Expression String - Six-part cron expression with seconds (e.g.,
"0 0/5 * * * ?"= every 5 minutes). - timezone String
- Timezone for the cron expression. Default:
UTC.
UnifiedAlertAlertConfigurationSubComponent, UnifiedAlertAlertConfigurationSubComponentArgs
- Query
Definition UnifiedAlert Alert Configuration Sub Component Query Definition - The query configuration. See Query Definition below.
- Trigger
Unified
Alert Alert Configuration Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- Output
Unified
Alert Alert Configuration Sub Component Output - Output configuration. See Sub Component Output below.
- Query
Definition UnifiedAlert Alert Configuration Sub Component Query Definition - The query configuration. See Query Definition below.
- Trigger
Unified
Alert Alert Configuration Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- Output
Unified
Alert Alert Configuration Sub Component Output Type - Output configuration. See Sub Component Output below.
- query
Definition UnifiedAlert Alert Configuration Sub Component Query Definition - The query configuration. See Query Definition below.
- trigger
Unified
Alert Alert Configuration Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- output
Unified
Alert Alert Configuration Sub Component Output - Output configuration. See Sub Component Output below.
- query
Definition UnifiedAlert Alert Configuration Sub Component Query Definition - The query configuration. See Query Definition below.
- trigger
Unified
Alert Alert Configuration Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- output
Unified
Alert Alert Configuration Sub Component Output - Output configuration. See Sub Component Output below.
- query_
definition UnifiedAlert Alert Configuration Sub Component Query Definition - The query configuration. See Query Definition below.
- trigger
Unified
Alert Alert Configuration Sub Component Trigger - Trigger conditions. See Sub Component Trigger below.
- output
Unified
Alert Alert Configuration Sub Component Output - Output configuration. See Sub Component Output below.
- query
Definition Property Map - The query configuration. See Query Definition below.
- trigger Property Map
- Trigger conditions. See Sub Component Trigger below.
- output Property Map
- Output configuration. See Sub Component Output below.
UnifiedAlertAlertConfigurationSubComponentOutput, UnifiedAlertAlertConfigurationSubComponentOutputArgs
- Columns
List<Unified
Alert Alert Configuration Sub Component Output Column> - Column configurations. See Column Config below.
- Should
Use boolAll Fields - Whether to use all fields in output. Default:
true.
- Columns
[]Unified
Alert Alert Configuration Sub Component Output Column - Column configurations. See Column Config below.
- Should
Use boolAll Fields - Whether to use all fields in output. Default:
true.
- columns
List<Unified
Alert Alert Configuration Sub Component Output Column> - Column configurations. See Column Config below.
- should
Use BooleanAll Fields - Whether to use all fields in output. Default:
true.
- columns
Unified
Alert Alert Configuration Sub Component Output Column[] - Column configurations. See Column Config below.
- should
Use booleanAll Fields - Whether to use all fields in output. Default:
true.
- columns
Sequence[Unified
Alert Alert Configuration Sub Component Output Column] - Column configurations. See Column Config below.
- should_
use_ boolall_ fields - Whether to use all fields in output. Default:
true.
- columns List<Property Map>
- Column configurations. See Column Config below.
- should
Use BooleanAll Fields - Whether to use all fields in output. Default:
true.
UnifiedAlertAlertConfigurationSubComponentOutputColumn, UnifiedAlertAlertConfigurationSubComponentOutputColumnArgs
- field_
name str - Field name.
- regex str
- Regular expression for field extraction.
- sort str
- Sort direction. Valid values:
ASC,DESC. Defaults toASCif not specified.
UnifiedAlertAlertConfigurationSubComponentQueryDefinition, UnifiedAlertAlertConfigurationSubComponentQueryDefinitionArgs
- Query string
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - Account
Ids List<double>To Query Ons - Required if
should_query_on_all_accounts = false. - Aggregation
Unified
Alert Alert Configuration Sub Component Query Definition Aggregation - How to aggregate matching logs. If omitted, the API may populate a default aggregation (typically
COUNT). See Aggregation below. - Filters string
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - Group
Bies List<string> - Fields to group results by.
- Should
Query boolOn All Accounts - Whether to query all accessible accounts. Default:
true.
- Query string
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - Account
Ids []float64To Query Ons - Required if
should_query_on_all_accounts = false. - Aggregation
Unified
Alert Alert Configuration Sub Component Query Definition Aggregation - How to aggregate matching logs. If omitted, the API may populate a default aggregation (typically
COUNT). See Aggregation below. - Filters string
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - Group
Bies []string - Fields to group results by.
- Should
Query boolOn All Accounts - Whether to query all accessible accounts. Default:
true.
- query String
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account
Ids List<Double>To Query Ons - Required if
should_query_on_all_accounts = false. - aggregation
Unified
Alert Alert Configuration Sub Component Query Definition Aggregation - How to aggregate matching logs. If omitted, the API may populate a default aggregation (typically
COUNT). See Aggregation below. - filters String
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group
Bies List<String> - Fields to group results by.
- should
Query BooleanOn All Accounts - Whether to query all accessible accounts. Default:
true.
- query string
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account
Ids number[]To Query Ons - Required if
should_query_on_all_accounts = false. - aggregation
Unified
Alert Alert Configuration Sub Component Query Definition Aggregation - How to aggregate matching logs. If omitted, the API may populate a default aggregation (typically
COUNT). See Aggregation below. - filters string
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group
Bies string[] - Fields to group results by.
- should
Query booleanOn All Accounts - Whether to query all accessible accounts. Default:
true.
- query str
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account_
ids_ Sequence[float]to_ query_ ons - Required if
should_query_on_all_accounts = false. - aggregation
Unified
Alert Alert Configuration Sub Component Query Definition Aggregation - How to aggregate matching logs. If omitted, the API may populate a default aggregation (typically
COUNT). See Aggregation below. - filters str
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group_
bies Sequence[str] - Fields to group results by.
- should_
query_ boolon_ all_ accounts - Whether to query all accessible accounts. Default:
true.
- query String
- Lucene/Elasticsearch query string (e.g.,
"level:ERROR AND service:checkout"). - account
Ids List<Number>To Query Ons - Required if
should_query_on_all_accounts = false. - aggregation Property Map
- How to aggregate matching logs. If omitted, the API may populate a default aggregation (typically
COUNT). See Aggregation below. - filters String
- Boolean filters as JSON string. Example shape:
{ "bool": { "must": [], "should": [], "filter": [], "must_not": [] } } - group
Bies List<String> - Fields to group results by.
- should
Query BooleanOn All Accounts - Whether to query all accessible accounts. Default:
true.
UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregation, UnifiedAlertAlertConfigurationSubComponentQueryDefinitionAggregationArgs
- Aggregation
Type string - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE,PERCENTAGE,PERCENTILE. Note: The API treatsNONEas equivalent toCOUNT. - Field
To stringAggregate On - Field to aggregate on. Required for
SUM,MIN,MAX,AVG,UNIQUE_COUNT. - Value
To stringAggregate On - Value to aggregate on.
- Aggregation
Type string - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE,PERCENTAGE,PERCENTILE. Note: The API treatsNONEas equivalent toCOUNT. - Field
To stringAggregate On - Field to aggregate on. Required for
SUM,MIN,MAX,AVG,UNIQUE_COUNT. - Value
To stringAggregate On - Value to aggregate on.
- aggregation
Type String - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE,PERCENTAGE,PERCENTILE. Note: The API treatsNONEas equivalent toCOUNT. - field
To StringAggregate On - Field to aggregate on. Required for
SUM,MIN,MAX,AVG,UNIQUE_COUNT. - value
To StringAggregate On - Value to aggregate on.
- aggregation
Type string - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE,PERCENTAGE,PERCENTILE. Note: The API treatsNONEas equivalent toCOUNT. - field
To stringAggregate On - Field to aggregate on. Required for
SUM,MIN,MAX,AVG,UNIQUE_COUNT. - value
To stringAggregate On - Value to aggregate on.
- aggregation_
type str - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE,PERCENTAGE,PERCENTILE. Note: The API treatsNONEas equivalent toCOUNT. - field_
to_ straggregate_ on - Field to aggregate on. Required for
SUM,MIN,MAX,AVG,UNIQUE_COUNT. - value_
to_ straggregate_ on - Value to aggregate on.
- aggregation
Type String - Type of aggregation. Valid values:
SUM,MIN,MAX,AVG,COUNT,UNIQUE_COUNT,NONE,PERCENTAGE,PERCENTILE. Note: The API treatsNONEas equivalent toCOUNT. - field
To StringAggregate On - Field to aggregate on. Required for
SUM,MIN,MAX,AVG,UNIQUE_COUNT. - value
To StringAggregate On - Value to aggregate on.
UnifiedAlertAlertConfigurationSubComponentTrigger, UnifiedAlertAlertConfigurationSubComponentTriggerArgs
- Operator string
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - Severity
Threshold List<UnifiedTiers Alert Alert Configuration Sub Component Trigger Severity Threshold Tier> - Severity thresholds. At least one required. See Severity Threshold Tier below.
- Operator string
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - Severity
Threshold []UnifiedTiers Alert Alert Configuration Sub Component Trigger Severity Threshold Tier - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator String
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity
Threshold List<UnifiedTiers Alert Alert Configuration Sub Component Trigger Severity Threshold Tier> - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator string
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity
Threshold UnifiedTiers Alert Alert Configuration Sub Component Trigger Severity Threshold Tier[] - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator str
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity_
threshold_ Sequence[Unifiedtiers Alert Alert Configuration Sub Component Trigger Severity Threshold Tier] - Severity thresholds. At least one required. See Severity Threshold Tier below.
- operator String
- Comparison operator. Valid values:
LESS_THAN,GREATER_THAN,LESS_THAN_OR_EQUALS,GREATER_THAN_OR_EQUALS,EQUALS,NOT_EQUALS. - severity
Threshold List<Property Map>Tiers - Severity thresholds. At least one required. See Severity Threshold Tier below.
UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTier, UnifiedAlertAlertConfigurationSubComponentTriggerSeverityThresholdTierArgs
- Severity string
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - Threshold double
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
- For
- Severity string
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - Threshold float64
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
- For
- severity String
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold Double
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
- For
- severity string
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold number
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
- For
- severity str
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold float
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
- For
- severity String
- Severity level. Valid values:
INFO,LOW,MEDIUM,HIGH,SEVERE. - threshold Number
Threshold value.
Important: Threshold ordering depends on the operator:
- For
GREATER_THAN/GREATER_THAN_OR_EQUALS: Higher severity must have higher thresholds (e.g., HIGH: 100, MEDIUM: 50, LOW: 10) - For
LESS_THAN/LESS_THAN_OR_EQUALS: Higher severity must have lower thresholds (e.g., HIGH: 10, MEDIUM: 50, LOW: 100) - For
EQUALS/NOT_EQUALS: Standard ordering applies
- For
UnifiedAlertAlertConfigurationTrigger, UnifiedAlertAlertConfigurationTriggerArgs
- Type string
- Trigger type. Valid values:
threshold,math. - Condition
Unified
Alert Alert Configuration Trigger Condition - Threshold condition. Required when
type = "threshold". See Trigger Condition below. - Expression string
- Math expression. Required when
type = "math". Uses query ref_ids prefixed with$(e.g.,"($A / $B) * 100").
- Type string
- Trigger type. Valid values:
threshold,math. - Condition
Unified
Alert Alert Configuration Trigger Condition - Threshold condition. Required when
type = "threshold". See Trigger Condition below. - Expression string
- Math expression. Required when
type = "math". Uses query ref_ids prefixed with$(e.g.,"($A / $B) * 100").
- type String
- Trigger type. Valid values:
threshold,math. - condition
Unified
Alert Alert Configuration Trigger Condition - Threshold condition. Required when
type = "threshold". See Trigger Condition below. - expression String
- Math expression. Required when
type = "math". Uses query ref_ids prefixed with$(e.g.,"($A / $B) * 100").
- type string
- Trigger type. Valid values:
threshold,math. - condition
Unified
Alert Alert Configuration Trigger Condition - Threshold condition. Required when
type = "threshold". See Trigger Condition below. - expression string
- Math expression. Required when
type = "math". Uses query ref_ids prefixed with$(e.g.,"($A / $B) * 100").
- type str
- Trigger type. Valid values:
threshold,math. - condition
Unified
Alert Alert Configuration Trigger Condition - Threshold condition. Required when
type = "threshold". See Trigger Condition below. - expression str
- Math expression. Required when
type = "math". Uses query ref_ids prefixed with$(e.g.,"($A / $B) * 100").
- type String
- Trigger type. Valid values:
threshold,math. - condition Property Map
- Threshold condition. Required when
type = "threshold". See Trigger Condition below. - expression String
- Math expression. Required when
type = "math". Uses query ref_ids prefixed with$(e.g.,"($A / $B) * 100").
UnifiedAlertAlertConfigurationTriggerCondition, UnifiedAlertAlertConfigurationTriggerConditionArgs
- Operator
Type string - Comparison operator. Valid values:
above,below,within_range,outside_range. - From double
- Lower bound. Required when
operator_typeiswithin_rangeoroutside_range. - Threshold double
- Threshold value. Required when
operator_typeisaboveorbelow. - To double
- Upper bound. Required when
operator_typeiswithin_rangeoroutside_range.
- Operator
Type string - Comparison operator. Valid values:
above,below,within_range,outside_range. - From float64
- Lower bound. Required when
operator_typeiswithin_rangeoroutside_range. - Threshold float64
- Threshold value. Required when
operator_typeisaboveorbelow. - To float64
- Upper bound. Required when
operator_typeiswithin_rangeoroutside_range.
- operator
Type String - Comparison operator. Valid values:
above,below,within_range,outside_range. - from Double
- Lower bound. Required when
operator_typeiswithin_rangeoroutside_range. - threshold Double
- Threshold value. Required when
operator_typeisaboveorbelow. - to Double
- Upper bound. Required when
operator_typeiswithin_rangeoroutside_range.
- operator
Type string - Comparison operator. Valid values:
above,below,within_range,outside_range. - from number
- Lower bound. Required when
operator_typeiswithin_rangeoroutside_range. - threshold number
- Threshold value. Required when
operator_typeisaboveorbelow. - to number
- Upper bound. Required when
operator_typeiswithin_rangeoroutside_range.
- operator_
type str - Comparison operator. Valid values:
above,below,within_range,outside_range. - from_ float
- Lower bound. Required when
operator_typeiswithin_rangeoroutside_range. - threshold float
- Threshold value. Required when
operator_typeisaboveorbelow. - to float
- Upper bound. Required when
operator_typeiswithin_rangeoroutside_range.
- operator
Type String - Comparison operator. Valid values:
above,below,within_range,outside_range. - from Number
- Lower bound. Required when
operator_typeiswithin_rangeoroutside_range. - threshold Number
- Threshold value. Required when
operator_typeisaboveorbelow. - to Number
- Upper bound. Required when
operator_typeiswithin_rangeoroutside_range.
UnifiedAlertLinkedPanel, UnifiedAlertLinkedPanelArgs
- Dashboard
Id string - UID of the unified dashboard for context linking.
- Folder
Id string - UID of the unified folder in Logz.io.
- Panel
Id string - Specific panel ID on the dashboard.
- Dashboard
Id string - UID of the unified dashboard for context linking.
- Folder
Id string - UID of the unified folder in Logz.io.
- Panel
Id string - Specific panel ID on the dashboard.
- dashboard
Id String - UID of the unified dashboard for context linking.
- folder
Id String - UID of the unified folder in Logz.io.
- panel
Id String - Specific panel ID on the dashboard.
- dashboard
Id string - UID of the unified dashboard for context linking.
- folder
Id string - UID of the unified folder in Logz.io.
- panel
Id string - Specific panel ID on the dashboard.
- dashboard_
id str - UID of the unified dashboard for context linking.
- folder_
id str - UID of the unified folder in Logz.io.
- panel_
id str - Specific panel ID on the dashboard.
- dashboard
Id String - UID of the unified dashboard for context linking.
- folder
Id String - UID of the unified folder in Logz.io.
- panel
Id String - Specific panel ID on the dashboard.
UnifiedAlertRecipients, UnifiedAlertRecipientsArgs
- Emails List<string>
- Email addresses for notifications.
- Notification
Endpoint List<double>Ids - IDs of configured notification endpoints.
- Emails []string
- Email addresses for notifications.
- Notification
Endpoint []float64Ids - IDs of configured notification endpoints.
- emails List<String>
- Email addresses for notifications.
- notification
Endpoint List<Double>Ids - IDs of configured notification endpoints.
- emails string[]
- Email addresses for notifications.
- notification
Endpoint number[]Ids - IDs of configured notification endpoints.
- emails Sequence[str]
- Email addresses for notifications.
- notification_
endpoint_ Sequence[float]ids - IDs of configured notification endpoints.
- emails List<String>
- Email addresses for notifications.
- notification
Endpoint List<Number>Ids - IDs of configured notification endpoints.
Import
Unified alerts can be imported using the alert type and ID, separated by a colon:
bash
$ pulumi import logzio:index/unifiedAlert:UnifiedAlert my_log_alert logs:alert-id-here
$ pulumi import logzio:index/unifiedAlert:UnifiedAlert my_metric_alert metrics:alert-id-here
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- logzio logzio/terraform-provider-logzio
- License
- Notes
- This Pulumi package is based on the
logzioTerraform Provider.
Viewing docs for logzio 1.27.0
published on Thursday, Feb 19, 2026 by logzio
published on Thursday, Feb 19, 2026 by logzio
