
ElastAlert installation and startup

Blog category:
  • ELK

Installing ElastAlert is not as easy as the installation documentation makes it look. Even so, the following blog post is worth recommending:
http://blog.csdn.net/gamer_gyt/article/details/52917116

Official site: http://elastalert.readthedocs.io/en/latest/elastalert.html#overview

 

1) Unpack and install:

After unpacking there is a file config.yaml.example; save a copy of this file as config.yaml.

Configure this file:

 

# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: example_rules

# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 3

# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: localhost

# The Elasticsearch port
es_port: 9200

# The AWS region to use. Set this when using AWS-managed elasticsearch
#aws_region: us-east-1

# The AWS profile to use. Use this if you are using an aws-cli profile.
# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
# for details
#profile: test

# Optional URL prefix for Elasticsearch
#es_url_prefix: elasticsearch

# Connect with TLS to Elasticsearch
#use_ssl: True

# Verify TLS certificates
#verify_certs: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Option basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2

Create the index in Elasticsearch:

elastalert-create-index

Create a rule:

Under example_rules, edit the example_frequency.yaml file:

 

# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (Optional) Connect with SSL to Elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: Example frequency rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: cloud_platform-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 3

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- term:
      _type: cloud_platform

# (Required)
# The alert is used when a match is found
alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- zhuoyp001@xxxx.com

email_from_field: zhuoyp001
email_add_domain: "@xxxx.com"
from_addr: zhuoyp001@xxxx.com

smtp_host: xxxx
smtp_port: 25
smtp_auth_file: smtp_auth_file.yaml

 

The main thing configured here is that the alert method is email.

 

The last line points to smtp_auth_file.yaml, the file that holds the username and password:

 

user: "zhuoyp001@xxxx.com"
password: "xxxx"

 

 

With that, the simplest possible configuration is complete: once type: cloud_platform (the _type term in the filter) has occurred 3 times, an alert email is sent to zhuoyp001@xxxx.com.
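To make the behaviour of this rule concrete, here is an added example (my own code, not part of the original post and not ElastAlert's own implementation) that simulates one ElastAlert run over a handful of constructed documents. It applies the two conditions the rule and config above impose: the document must match the term filter on _type, and its @timestamp must fall inside the query window of the current run (buffer_time: 3 minutes in config.yaml); it then applies the frequency logic (num_events: 3 within timeframe: 1 hour). The sample documents, the fixed clock and the field names are constructed for the demonstration.

```python
from collections import deque
from datetime import datetime, timedelta, timezone

# Values taken from config.yaml and example_frequency.yaml on this page.
BUFFER_TIME = timedelta(minutes=3)   # buffer_time: minutes: 3
NUM_EVENTS = 3                       # num_events: 3
TIMEFRAME = timedelta(hours=1)       # timeframe: hours: 1
MATCH_TYPE = "cloud_platform"        # filter: term _type: cloud_platform


def query_window(now, buffer_time=BUFFER_TIME):
    """The time range one ElastAlert run queries: the last buffer_time before now."""
    return now - buffer_time, now


def select_hits(events, now, buffer_time=BUFFER_TIME):
    """Return the documents a run at `now` would actually see.

    A document must match the term filter on _type AND have an @timestamp
    inside the query window. A matching document with a stale @timestamp is
    never returned, which is why hand-injected test logs need a current time.
    """
    start, end = query_window(now, buffer_time)
    return [
        ev for ev in events
        if ev.get("_type") == MATCH_TYPE and start <= ev["@timestamp"] <= end
    ]


def frequency_matches(hits, num_events=NUM_EVENTS, timeframe=TIMEFRAME):
    """Simulate the frequency rule type over a list of hits.

    Returns the timestamps at which an alert would fire: whenever num_events
    hits fall within timeframe of each other. The counted window is cleared
    after each match so the same hits are not counted towards a second alert.
    """
    window = deque()
    fired = []
    for ts in sorted(ev["@timestamp"] for ev in hits):
        window.append(ts)
        # drop hits older than timeframe relative to the newest hit
        while ts - window[0] > timeframe:
            window.popleft()
        if len(window) >= num_events:
            fired.append(ts)
            window.clear()
    return fired


def sample_events(now):
    """Constructed sample documents (not real log data), relative to `now`."""
    return [
        # three fresh cloud_platform documents inside the 3-minute query window
        {"_type": "cloud_platform", "@timestamp": now - timedelta(seconds=150), "msg": "a"},
        {"_type": "cloud_platform", "@timestamp": now - timedelta(seconds=90), "msg": "b"},
        {"_type": "cloud_platform", "@timestamp": now - timedelta(seconds=20), "msg": "c"},
        # a matching document whose @timestamp was left at yesterday's value
        {"_type": "cloud_platform", "@timestamp": now - timedelta(days=1), "msg": "stale"},
        # a fresh document of another type, excluded by the term filter
        {"_type": "other", "@timestamp": now - timedelta(seconds=30), "msg": "d"},
    ]


def demo():
    """Run the simulation at a fixed constructed clock; returns (hits, matches)."""
    now = datetime(2017, 8, 9, 0, 50, tzinfo=timezone.utc)
    hits = select_hits(sample_events(now), now)
    return len(hits), len(frequency_matches(hits))


if __name__ == "__main__":
    hits, matches = demo()
    print(f"{hits} query hits, {matches} matches")
```

Of the five constructed documents only three are hits: the stale one is filtered out by the time window and the "other" document by the term filter; those three fall well within one hour of each other, so exactly one alert fires. Timestamps are timezone-aware on purpose, since comparing a naive @timestamp against an aware clock is a common source of off-by-one-timezone mistakes when testing rules.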

 

 

2) Start:

 

python -m elastalert.elastalert --verbose --rule example_rules/example_frequency.yaml

 

 

Normally it starts up at this point. I fed a few log lines into Logstash. Pay attention to the time: ElastAlert only queries the index for the 2 minutes before the current time, so logs you inject yourself need their time changed so that @timestamp falls within the queried time range.

 

INFO:elastalert:Ran Example frequency rule from 2017-08-09 08:48 CST to 2017-08-09 08:50 CST: 7 query hits (0 already seen), 2 matches, 1 alerts sent
INFO:elastalert:Sleeping for 57.479314 seconds
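The per-run summary line above is the quickest health signal ElastAlert gives you, so here is an added example (my own code, not from the post or from ElastAlert) that parses those lines and flags runs that produced matches but sent no alerts. The regular expression and field names are assumptions based only on the line format shown above; the second log line in the sample is constructed. A run with matches but zero alerts can be legitimate (ElastAlert suppresses repeat alerts for the same rule within its realert period), so treat the result as a prompt to look at the alerter configuration (smtp_host, smtp_auth_file) rather than as proof of failure; note that the page's own line, with 2 matches and 1 alert sent, is not flagged.

```python
import re
from typing import Optional

# Pattern for the per-run summary line logged with --verbose.
# Group names are chosen here for this example; they are not ElastAlert's own.
RUN_LINE = re.compile(
    r"^INFO:elastalert:Ran (?P<rule>.+?) from (?P<start>.+?) to (?P<end>.+?): "
    r"(?P<hits>\d+) query hits \((?P<seen>\d+) already seen\), "
    r"(?P<matches>\d+) matches, (?P<alerts>\d+) alerts sent$"
)

# Constructed sample log: the first line is the one shown on this page,
# the second is made up to show a run whose alert was not sent.
SAMPLE_LOG = [
    "INFO:elastalert:Ran Example frequency rule from 2017-08-09 08:48 CST "
    "to 2017-08-09 08:50 CST: 7 query hits (0 already seen), 2 matches, 1 alerts sent",
    "INFO:elastalert:Sleeping for 57.479314 seconds",
    "INFO:elastalert:Ran Example frequency rule from 2017-08-09 08:50 CST "
    "to 2017-08-09 08:52 CST: 3 query hits (0 already seen), 1 matches, 0 alerts sent",
]


def parse_run_line(line: str) -> Optional[dict]:
    """Parse one 'Ran <rule> from ... to ...' line; return None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    run = m.groupdict()
    for key in ("hits", "seen", "matches", "alerts"):
        run[key] = int(run[key])
    return run


def runs_without_alerts(lines):
    """Return (rule, matches) for every run that matched but sent no alert.

    Such runs are where to look first when email never arrives: ElastAlert
    will keep retrying the alert until alert_time_limit (2 days in the config
    above) elapses, so the log is a faster check than waiting for delivery.
    """
    flagged = []
    for line in lines:
        run = parse_run_line(line)
        if run and run["matches"] > 0 and run["alerts"] == 0:
            flagged.append((run["rule"], run["matches"]))
    return flagged


if __name__ == "__main__":
    for rule, matches in runs_without_alerts(SAMPLE_LOG):
        print(f"{rule}: {matches} match(es) but no alert sent")
```

In practice you would feed the function the lines of ElastAlert's log file (or its stdout when started with --verbose as above) instead of SAMPLE_LOG; the "Sleeping" lines and anything else that does not match the pattern are simply skipped.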

 

Problems & lessons learned:

alert_time index does not exist

When I first started it, it kept reporting an error saying that the sort field alert_time does not exist. The error was in the elastalert/elastalert.py file. My guess is that because I had never triggered the sent alert event, alert_time had not been written to the index. So I commented out the following lines:

 

line 1386:sort = {'sort': {'alert_time': {'order': 'asc'}}}
line 1391:query.update(sort)

line1503:query['sort'] = {'alert_time': {'order': 'desc'}}

line1639:sort = {'sort': {'until': {'order': 'desc'}}}
line1644:query.update(sort)

 

After restarting, the error no longer appeared.

 

Finally, after I had triggered the email-sending function, I uncommented these lines again; there was no error and it ran normally.
