Updated at: 2022-12-09 03:49:50
Rule Policies are divided into two categories: Real-Time Alert and Scheduled Alert, which are suitable for applications with high and low real-time requirement respectively: 
► Real-Time Alert includes 2 types: Event Count and Field Aggregation: 
• Event Count: The number of alert occurrences of a certain type of event that exceeds the threshold range in a given time period triggers the alert;
• Field Aggregation: A certain aggregation value of a field exceeds the threshold range in a given time period triggers the alert.
► Scheduled Alert: It supports the alert of source log non-aggregation, and the alert of AR-Agent aggregation host task non-aggregation time exceeding the threshold range.
Click Alert > Alert Policy > Rule to make rule policy management, where you can create, check/edit, and delete the alert rule policy.