elk报警监控之sentinl 钉钉报警配置

时间  2020-02-22
标签 elk 报警 监控 sentinl 钉钉 配置 繁體版
原文   原文链接

elk报警监控之sentinl 钉钉报警配置

1.安装sentinl

能够在线安装 ./kibana-plugin install https://github.com/sirensolut...git

也能够离线安装 ./kibana-plugin install file:../../sentinl-v6.2.4.zip file 关键字不能漏掉github

[root@elk-181 bin]# ./kibana-plugin install file:/root/sentinl-v6.2.4.zip   
Attempting to transfer from file:/root/sentinl-v6.2.4.zip  
Transferring 130048021 bytes....................  
Transfer complete  
Retrieving metadata from plugin archive  
Extracting plugin archive  
Extraction complete  
Optimizing and caching browser bundles...  
Plugin installation complete

安装sentinl后kibana可能会关闭, 启动kibanaweb

2.配置sentinl

1).添加一个钉钉机器人

clipboard.png

2).添加一个Watchers

clipboard.png

点击new-> 点击watchers前面的”加号“json

将下方代码copy其中,记住选中enadle,而后选择保存,下次每次更改能够去input,action中直接更改保存。api

{
  "actions": {
    "test-dingding": {
      "name": "waring_error_log_push_dingding",
      "throttle_period": "0h1m0s",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "body": " {\"msgtype\": \"markdown\",\"markdown\": {\"title\":\"DEV_time.out\",\"text\": \"# Dev预警 \\t\\n ### 主机 | ```\\n{{payload.hits.hits.0._index}}\\n``` | \\t\\n ### Project | ```\\n{{payload.hits.hits.0._source.service}}\\n``` | \\t\\n ### 最近一分钟发生次数 | ```\\n{{payload.hits.total}}\\n``` | \\t\\n ### 告警内容:```\\n{{payload.hits.hits.0._source.message}}\\n``` \\t\\n \"      }  }",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "auth": "钉钉帐号:钉钉密码",
        "message": "业务功能告警",
        "use_https": true,
        "save_payload": false
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "applog-*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "analyze_wildcard": true,
                    "query": "\"error\""
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1h",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >=1"
    }
  },
  "transform": {},
  "trigger": {
    "schedule": {
      "later": "every 20 minutes"
    }
  },
  "disable": true,
  "report": false,
  "title": "警告和错误日志推送钉钉"
}

3.测试

clipboard.png

clipboard.png

相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程