google-cloud-platformgoogle-logging

google cloud platform -- creating alert policy -- how to specify message variable in alerting documentation markdown?


So I've created a logging alert policy on google cloud that monitors the project's logs and sends an alert if it finds a log that matches a certain query. This is all good and fine, but whenever it does send an email alert, it's barebones. I am unable to include anything useful in the email alert such as the actual message, the user must instead click on "View incident" and go to the specified timeframe of when the alert happened.

Is there no way to include the message? As far as I can tell viewing the gcp Using Markdown and variables in documentation templates doc on this.

I'm only really able to use ${resource.label.x} which isn't really all that useful because it already includes most of that stuff by default in the alert.

Could I have something like ${jsonPayload.message}? It didn't work when I tried it.


Solution

  • Probably (!) not.

    To be clear, the alerting policies track metrics (not logs) and you've created a log-based metric that you're using as the basis for an alert.

    There's information loss between the underlying log (that contains e.g. jsonPayload) and the metric that's produced from it (which probably does not). You can create Log-based metrics labels using expressions that include the underlying log entry fields.

    However, per the example in Google's docs, you'd want to consider a limited (enum) type for these values (e.g. HTTP status although that may be too broad too) rather than a potentially infinite jsonPayload.