elast alert

参考文档:《elast alert》

 

假设报错的内容为:

复制代码
ceph-rest-api service down

At least 1 events occurred between 2017-10-18 16:46 CST and 2017-10-18 17:46 CST

@timestamp: 2017-10-18T09:46:44.897Z
_id: AV8u4NMJlV0N0Gfm3nbE
_index: metricbeat-7.0.0-alpha1-2017.10.18
_type: doc
beat: {
    "hostname": "centos7gui", 
    "name": "centos7gui", 
    "version": "7.0.0-alpha1"
}
ceph: {
    "cluster_disk": {}
}
error: {
    "message": "error making http request: Get http://192.168.56.133:5000/api/v0.1/df: dial tcp 192.168.56.133:5000: getsockopt: no route to host"
}
metricset: {
    "host": "192.168.56.133:5000", 
    "module": "ceph", 
    "name": "cluster_disk", 
    "rtt": 2022944
}
num_hits: 382
num_matches: 30
View Code
复制代码

[config]

config.yaml

复制代码
rules_folder: example_rules
run_every:
  minutes: 1
buffer_time:
  minutes: 15
es_host: 192.168.56.162
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
  days: 2
复制代码

 

[email alert]

smtp_auth_file.yaml

user: "leiba726@163.com"
password: "xxxxxx"
View Code

my_rule.yaml

复制代码
# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (OptionaL) Connect with SSL to Elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: ceph-rest-api service down

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: metricbeat-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
        query_string:
                query: 'error making http request'

# (Required)
# The alert is use when a match is found
smtp_host: smtp.163.com
smtp_port: 25
smtp_auth_file: smtp_auth_file.yaml
email_reply_to: leiba726@163.com
from_addr: leiba726@163.com

alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- "leiba726@163.com"
- "elaroff@163.com"
View Code
复制代码

 

[command alert]

my_rule.yaml

复制代码
# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (OptionaL) Connect with SSL to Elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: ceph-rest-api service down

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: metricbeat-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
        query_string:
                query: 'error making http request'

# (Required)
# The alert is use when a match is found
smtp_host: smtp.163.com
smtp_port: 25
smtp_auth_file: smtp_auth_file.yaml
email_reply_to: leiba726@163.com
from_addr: leiba726@163.com

new_style_string_format: True
alert:
- "command"

# (required, email specific)
# a list of email addresses to send alerts to

command: ["/bin/bash", "/var/hello.sh", "{match[error]}"]
View Code
复制代码

 

执行elast alert的命令为:

python -m elastalert.elastalert --verbose --rule example_rules/my_rule.yaml

posted @   elar  阅读(288)  评论(0编辑  收藏  举报
编辑推荐:
· Linux glibc自带哈希表的用例及性能测试
· 深入理解 Mybatis 分库分表执行原理
· 如何打造一个高并发系统?
· .NET Core GC压缩(compact_phase)底层原理浅谈
· 现代计算机视觉入门之:什么是图片特征编码
阅读排行:
· 手把手教你在本地部署DeepSeek R1,搭建web-ui ,建议收藏!
· Spring AI + Ollama 实现 deepseek-r1 的API服务和调用
· 数据库服务器 SQL Server 版本升级公告
· 程序员常用高效实用工具推荐,办公效率提升利器!
· C#/.NET/.NET Core技术前沿周刊 | 第 23 期(2025年1.20-1.26)
历史上的今天:
2012-10-19 足迹列表2
2012-10-19 发现一批好玩的读书笔记
点击右上角即可分享
微信分享提示