diff --git a/docs/components/rule.md b/docs/components/rule.md index c82d82b8e7..239804ab07 100644 --- a/docs/components/rule.md +++ b/docs/components/rule.md @@ -43,6 +43,90 @@ For Ruler the read path is distributed, since most likely Ruler is querying Than This means that **query failure** are more likely to happen, that's why clear strategy on what will happen to alert and during query unavailability is the key. + +## Configuring Rules + + +Rule files use YAML, the syntax of a rule file is: + +``` +groups: + [ - ] +``` + +A simple example rules file would be: + +``` +groups: + - name: example + rules: + - record: job:http_inprogress_requests:sum + expr: sum(http_inprogress_requests) by (job) +``` + + + +``` +# The name of the group. Must be unique within a file. +name: + +# How often rules in the group are evaluated. +[ interval: | default = global.evaluation_interval ] + +rules: + [ - ... ] +``` + +Thanos supports two types of rules which may be configured and then evaluated at regular intervals: recording rules and alerting rules. + +### Recording Rules + +Recording rules allow you to precompute frequently needed or computationally expensive expressions and save their result as a new set of time series. Querying the precomputed result will then often be much faster than executing the original expression every time it is needed. This is especially useful for dashboards, which need to query the same expression repeatedly every time they refresh. + +Recording and alerting rules exist in a rule group. Rules within a group are run sequentially at a regular interval. + +The syntax for recording rules is: + +``` +# The name of the time series to output to. Must be a valid metric name. +record: + +# The PromQL expression to evaluate. Every evaluation cycle this is +# evaluated at the current time, and the result recorded as a new set of +# time series with the metric name as given by 'record'. +expr: + +# Labels to add or overwrite before storing the result. +labels: + [ : ] +``` + +### Alerting Rules + +The syntax for alerting rules is: + +``` +# The name of the alert. Must be a valid metric name. +alert: + +# The PromQL expression to evaluate. Every evaluation cycle this is +# evaluated at the current time, and all resultant time series become +# pending/firing alerts. +expr: + +# Alerts are considered firing once they have been returned for this long. +# Alerts which have not yet fired for long enough are considered pending. +[ for: | default = 0s ] + +# Labels to add or overwrite for each alert. +labels: + [ : ] + +# Annotations to add to each alert. +annotations: + [ : ] +``` + ## Partial Response See [this](query.md#partial-response) on initial info.