elk报警alert设置

设置alert

 

 

 

 

# Alert when the rate of events exceeds a threshold
# ElastAlert rule of type "frequency" over the error_info* indices.

# (Optional)
# Elasticsearch host
# NOTE(review): this rule sets no use_ssl / verify_certs / es_username /
# es_password. Unless they are set elsewhere (e.g. the global config), the
# queries go to the cluster without TLS or credentials - confirm.
es_host: elasticsearch.hostname1

# (Optional)
# Elasticsearch port
es_port: 9200


# (Required)
# Rule name, must be unique
name: test生产error_info异常报警

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: error_info*
# Document field that holds the event time (the rule reads dateTime here
# instead of ElastAlert's default timestamp field).
timestamp_field: dateTime

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
# With num_events: 1, a single matching document is enough to fire; the
# realert setting further down this rule is what limits repeats.
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  # hours: 4
  minutes: 1
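# (Required)
# A list of Elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
#
# The query is an exclusion list: a document matches unless its exception
# class name ends in RpcException or it was logged from one of the four named
# source files. Errors from those sources never raise an alert, so treat any
# addition to this list as a reduction in monitoring coverage and review it.
# Every clause is joined with an explicit AND so the result does not depend on
# how the query_string parser treats a clause that has no operator.
filter:
- query_string:
    query: >-
      NOT thrown.name:*RpcException
      AND NOT source.file : IMMessageServiceImpl.java
      AND NOT source.file : CrhClientUtil.java
      AND NOT source.file : DesThreadPool.java
      AND NOT source.file : DESV2Util.java

# Minimum time between two alerts from this rule; matches that arrive inside
# this window do not produce a new notification.
realert:
  minutes: 3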

# SMTP credentials file; it must define the two properties user and password.
# Remember to replace ${userName} with the actual user name.
# NOTE(review): the path below contains no ${userName} placeholder, and the
# "email" alerter is commented out in the alert list, so this file is only
# read if e-mail alerting is re-enabled - confirm. The file holds a password:
# keep it readable only by the account that runs ElastAlert.
smtp_auth_file: /opt/elastalert/auth/test_smtp_auth_file.yaml

# (Required)
# The alerter(s) to use when a match is found.
# Only the custom WeChat Work alerter is enabled; the other two entries are
# commented out.
alert:
#- "email"
- "elastalert_modules.wechat_qiye_alert.WeChatAlerter"
#- "test"
# (required, email specific)
# a list of email addresses to send alerts to
# NOTE(review): no email list follows, consistent with "email" being disabled.

# Message template. It contains 13 "{}" placeholders that are filled
# positionally from alert_text_args, so the two lists must stay the same
# length and in the same order.
# This is a double-quoted scalar spanning several lines: YAML folds each line
# break into a space and the "\n" escapes supply the real newlines.
# Labels, in order: exception alert (project name), host IP, service path,
# index name, time of occurrence, traceId, user info, file.method.line,
# exception type, exception message, exception content.
alert_text: "
test{}异常报警 \n
主机hostIp: {}\n
服务路径: {}\n
索引名称: {}\n
发生时间: {}\n
traceId : {}\n
用户信息: {}\n
方法行数: {}.{}.{}\n
异常类型: {}\n
异常信息: {}\n
异常内容: {}
"

# Send only the formatted alert_text, without the default rule summary and
# matched-document dump that ElastAlert would otherwise append.
alert_text_type: alert_text_only
 
# WeChat Work alerts should not carry too much data or be too long.
# Document fields substituted, in this order, into the 13 "{}" placeholders of
# alert_text.
# NOTE(review): contextMap.uid, thrown.message and message are copied verbatim
# from the log document into a message delivered through an external chat
# service. Exception and log messages can contain tokens, credentials or
# personal data; confirm these fields are safe to send, or truncate/mask them
# upstream.
alert_text_args:
- customContextMap.projectName
- customContextMap.hostIp
- customContextMap.userDir
- _index
- dateTime
- contextMap.traceId
- contextMap.uid
- source.file
- source.method
- source.line
- thrown.name
- thrown.message
- message

# After logging in to the admin console: [Settings] -> [Permission management]
# -> [Ordinary admin group] -> [Create and set address-book and application
# permissions] -> [CorpID, Secret]
# appid (CorpID) of the WeChat enterprise account
corp_id: ww11111222223433bc
# Secret of the WeChat enterprise account
# NOTE(review): once filled in, this is a live API credential stored in clear
# text in the rule file (the value shown here is a sample). Keep the file out
# of version control and readable only by the account that runs ElastAlert,
# and rotate the secret if the file has been shared or published.
secret: lwQHPw_111111111111111111111111111111111111
# After logging in to the admin console: [Application center] -> [select the
# application] -> [application id]
# Application id of the WeChat enterprise account
agent_id: 1000007
# Department id; 2 - java group
# NOTE(review): the comment names department 2 but the value is 4 - confirm
# which department should receive the alerts.
party_id: 4
# WeChat user id(s) to notify
# NOTE(review): an unquoted all-digit entry is loaded as an integer; quote it
# if the alerter expects a string - confirm against the alerter module.
user_id:
- 1111111

# Tag id
#tag_id: xx

# NOTE(review): the test_* keys below belong to the "test" alerter, which is
# commented out in the alert list, so they look unused by this rule - confirm.
# The hostname of the test server.
test_server: "test.111111111111.cn"
# The project to open the ticket under.
test_project: "JAVA_ALERT"
#  The type of issue that the ticket will be filed as. Note that this is case sensitive.
test_issuetype: "alert"
# The path to the file which contains test account credentials.
#test_account_file: "/root/elastalert/java_rules/test_acct.txt"

 
