告警事件和 EventBridge
每当 CloudWatch 告警被创建、更新、删除或更改告警状态时,CloudWatch 都会将事件发送到 Amazon EventBridge。您可以使用 EventBridge 和这些事件来编写规则,这些规则会在告警更改状态时采取措施,例如通知您。有关更多信息,请参阅什么是 Amazon EventBridge?
CloudWatch 保证向 EventBridge 传送告警状态更改事件。
告警状态更改事件
本节旨在介绍告警状态发生变化时发送到 EventBridge 的示例事件。选择选项卡可查看不同类型的告警状态更改事件。
- Single Metric Alarm
-
单个指标告警更改状态时生成的事件。这些事件包含带有告警评估结果的
state和previousState字段。{ "version": "0", "id": "c4c1c1c9-6542-e61b-6ef0-8c4d36933a92", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2019-10-02T17:04:40Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh" ], "detail": { "alarmName": "ServerCpuTooHigh", "configuration": { "description": "Goes into alarm when server CPU utilization is too high!", "metrics": [ { "id": "30b6c6b2-a864-43a2-4877-c09a1afc3b87", "metricStat": { "metric": { "dimensions": { "InstanceId": "i-12345678901234567" }, "name": "CPUUtilization", "namespace": "AWS/EC2" }, "period": 300, "stat": "Average" }, "returnData": true } ] }, "previousState": { "reason": "Threshold Crossed: 1 out of the last 1 datapoints [0.0666851903306472 (01/10/19 13:46:00)] was not greater than the threshold (50.0) (minimum 1 datapoint for ALARM -> OK transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-01T13:56:40.985+0000\",\"startDate\":\"2019-10-01T13:46:00.000+0000\",\"statistic\":\"Average\",\"period\":300,\"recentDatapoints\":[0.0666851903306472],\"threshold\":50.0}", "timestamp": "2019-10-01T13:56:40.987+0000", "value": "OK" }, "state": { "reason": "Threshold Crossed: 1 out of the last 1 datapoints [99.50160229693434 (02/10/19 16:59:00)] was greater than the threshold (50.0) (minimum 1 datapoint for OK -> ALARM transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-02T17:04:40.985+0000\",\"startDate\":\"2019-10-02T16:59:00.000+0000\",\"statistic\":\"Average\",\"period\":300,\"recentDatapoints\":[99.50160229693434],\"threshold\":50.0}", "timestamp": "2019-10-02T17:04:40.989+0000", "value": "ALARM" } } } - Metric Math Alarm
-
指标数学告警更改状态时生成的事件。这些事件包含
configuration字段中的数学表达式详细信息。{ "version": "0", "id": "2dde0eb1-528b-d2d5-9ca6-6d590caf2329", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2019-10-02T17:20:48Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh" ], "detail": { "alarmName": "TotalNetworkTrafficTooHigh", "configuration": { "description": "Goes into alarm if total network traffic exceeds 10Kb", "metrics": [ { "expression": "SUM(METRICS())", "id": "e1", "label": "Total Network Traffic", "returnData": true }, { "id": "m1", "metricStat": { "metric": { "dimensions": { "InstanceId": "i-12345678901234567" }, "name": "NetworkIn", "namespace": "AWS/EC2" }, "period": 300, "stat": "Maximum" }, "returnData": false }, { "id": "m2", "metricStat": { "metric": { "dimensions": { "InstanceId": "i-12345678901234567" }, "name": "NetworkOut", "namespace": "AWS/EC2" }, "period": 300, "stat": "Maximum" }, "returnData": false } ] }, "previousState": { "reason": "Unchecked: Initial alarm creation", "timestamp": "2019-10-02T17:20:03.642+0000", "value": "INSUFFICIENT_DATA" }, "state": { "reason": "Threshold Crossed: 1 out of the last 1 datapoints [45628.0 (02/10/19 17:10:00)] was greater than the threshold (10000.0) (minimum 1 datapoint for OK -> ALARM transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-02T17:20:48.551+0000\",\"startDate\":\"2019-10-02T17:10:00.000+0000\",\"period\":300,\"recentDatapoints\":[45628.0],\"threshold\":10000.0}", "timestamp": "2019-10-02T17:20:48.554+0000", "value": "ALARM" } } } - Anomaly Detection Alarm
-
异常检测告警更改状态时生成的事件。这些事件包含
reasonData字段的上限和下限阈值。{ "version": "0", "id": "daafc9f1-bddd-c6c9-83af-74971fcfc4ef", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2019-10-03T16:00:04Z", "region": "us-east-1", "resources": ["arn:aws:cloudwatch:us-east-1:123456789012:alarm:EC2 CPU Utilization Anomaly"], "detail": { "alarmName": "EC2 CPU Utilization Anomaly", "state": { "value": "ALARM", "reason": "Thresholds Crossed: 1 out of the last 1 datapoints [0.0 (03/10/19 15:58:00)] was less than the lower thresholds [0.020599444741798756] or greater than the upper thresholds [0.3006915352732461] (minimum 1 datapoint for OK -> ALARM transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-03T16:00:04.650+0000\",\"startDate\":\"2019-10-03T15:58:00.000+0000\",\"period\":60,\"recentDatapoints\":[0.0],\"recentLowerThresholds\":[0.020599444741798756],\"recentUpperThresholds\":[0.3006915352732461]}", "timestamp": "2019-10-03T16:00:04.653+0000" }, "previousState": { "value": "OK", "reason": "Thresholds Crossed: 1 out of the last 1 datapoints [0.166666666664241 (03/10/19 15:57:00)] was not less than the lower thresholds [0.0206719426210418] or not greater than the upper thresholds [0.30076870222143803] (minimum 1 datapoint for ALARM -> OK transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-03T15:59:04.670+0000\",\"startDate\":\"2019-10-03T15:57:00.000+0000\",\"period\":60,\"recentDatapoints\":[0.166666666664241],\"recentLowerThresholds\":[0.0206719426210418],\"recentUpperThresholds\":[0.30076870222143803]}", "timestamp": "2019-10-03T15:59:04.672+0000" }, "configuration": { "description": "Goes into alarm if CPU Utilization is out of band", "metrics": [{ "id": "m1", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "CPUUtilization", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 60, "stat": "Average" }, "returnData": true }, { "id": "ad1", "expression": "ANOMALY_DETECTION_BAND(m1, 0.8)", "label": "CPUUtilization (expected)", "returnData": true }] } } } - Composite Alarm
-
复合指标告警更改状态时生成的事件。这些事件包含
actionsSuppressedBy和actionsSuppressedReason字段中的抑制信息。{ "version": "0", "id": "d3dfc86d-384d-24c8-0345-9f7986db0b80", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-22T15:57:45Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "state": { "actionsSuppressedBy": "WaitPeriod", "actionsSuppressedReason": "Actions suppressed by WaitPeriod", "value": "ALARM", "reason": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:SuppressionDemo.EventBridge.FirstChild transitioned to ALARM at Friday 22 July, 2022 15:57:45 UTC", "reasonData": "{\"triggeringAlarms\":[{\"arn\":\"arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh\",\"state\":{\"value\":\"ALARM\",\"timestamp\":\"2022-07-22T15:57:45.394+0000\"}}]}", "timestamp": "2022-07-22T15:57:45.394+0000" }, "previousState": { "value": "OK", "reason": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:SuppressionDemo.EventBridge.Main was created and its alarm rule evaluates to OK", "reasonData": "{\"triggeringAlarms\":[{\"arn\":\"arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh\",\"state\":{\"value\":\"OK\",\"timestamp\":\"2022-07-14T16:28:57.770+0000\"}},{\"arn\":\"arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh\",\"state\":{\"value\":\"OK\",\"timestamp\":\"2022-07-14T16:28:54.191+0000\"}}]}", "timestamp": "2022-07-22T15:56:14.552+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 180 } } }
告警配置更改事件
本节旨在介绍告警配置发生变化时发送到 EventBridge 的示例事件。配置更改包括创建、更新或删除告警。
- Creation Events
-
创建新告警时生成的事件。这些事件包含
configuration字段中的初始告警配置,并且operation设置为“创建”。复合告警示例
{ "version": "0", "id": "91535fdd-1e9c-849d-624b-9a9f2b1d09d0", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-03-03T17:06:22Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "create", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-03-03T17:06:22.289+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "alarmName": "ServiceAggregatedAlarm", "description": "Aggregated monitor for instance", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:22.289+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }具有抑制器的复合告警示例
{ "version": "0", "id": "454773e1-09f7-945b-aa2c-590af1c3f8e0", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-14T13:59:46Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "create", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-07-14T13:59:46.425+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 180, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:46.425+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } } - Update Events
-
修改现有告警时生成的事件。这些事件同时包含
configuration和previousConfiguration字段,可显示具体更改的内容。指标告警示例
{ "version": "0", "id": "bc7d3391-47f8-ae47-f457-1b4d06118d50", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-03-03T17:06:34Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh" ], "detail": { "alarmName": "ServerCpuTooHigh", "operation": "update", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-03-03T17:06:13.757+0000" }, "configuration": { "evaluationPeriods": 1, "threshold": 80, "comparisonOperator": "GreaterThanThreshold", "treatMissingData": "ignore", "metrics": [ { "id": "86bfa85f-b14c-ebf7-8916-7da014ce23c0", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "CPUUtilization", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Average" }, "returnData": true } ], "alarmName": "ServerCpuTooHigh", "description": "Goes into alarm when server CPU utilization is too high!", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:34.267+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] }, "previousConfiguration": { "evaluationPeriods": 1, "threshold": 70, "comparisonOperator": "GreaterThanThreshold", "treatMissingData": "ignore", "metrics": [ { "id": "d6bfa85f-893e-b052-a58b-4f9295c9111a", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "CPUUtilization", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Average" }, "returnData": true } ], "alarmName": "ServerCpuTooHigh", "description": "Goes into alarm when server CPU utilization is too high!", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:13.757+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }具有抑制器的指标告警示例
{ "version": "0", "id": "4c6f4177-6bd5-c0ca-9f05-b4151c54568b", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-14T13:59:56Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "update", "state": { "actionsSuppressedBy": "WaitPeriod", "value": "ALARM", "timestamp": "2022-07-14T13:59:46.425+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 360, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:56.290+0000", "okActions": [], "alarmActions": [], Remove "insufficientDataActions": [] }, "previousConfiguration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 180, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:46.425+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } } - Deletion Events
-
删除告警时生成的事件。这些事件包含最终的告警配置,并且
operation设置为“删除”。指标数学告警示例
{ "version": "0", "id": "f171d220-9e1c-c252-5042-2677347a83ed", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-03-03T17:07:13Z", "region": "us-east-*", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh" ], "detail": { "alarmName": "TotalNetworkTrafficTooHigh", "operation": "delete", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-03-03T17:06:17.672+0000" }, "configuration": { "evaluationPeriods": 1, "threshold": 10000, "comparisonOperator": "GreaterThanThreshold", "treatMissingData": "ignore", "metrics": [{ "id": "m1", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "NetworkIn", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Maximum" }, "returnData": false }, { "id": "m2", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "NetworkOut", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Maximum" }, "returnData": false }, { "id": "e1", "expression": "SUM(METRICS())", "label": "Total Network Traffic", "returnData": true } ], "alarmName": "TotalNetworkTrafficTooHigh", "description": "Goes into alarm if total network traffic exceeds 10Kb", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:17.672+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }带有抑制器的指标数学告警示例
{ "version": "0", "id": "e34592a1-46c0-b316-f614-1b17a87be9dc", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-14T14:00:01Z", "region": "us-east-*", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "delete", "state": { "actionsSuppressedBy": "WaitPeriod", "value": "ALARM", "timestamp": "2022-07-14T13:59:46.425+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 360, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:56.290+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }
从警报启动 CloudWatch 调查
管理警报