Installing ElastAlert is not as easy as the installation docs make it sound; that said, the following blog post is still worth recommending:
http://blog.csdn.net/gamer_gyt/article/details/52917116
Official docs: http://elastalert.readthedocs.io/en/latest/elastalert.html#overview
1) Unpack and install:
After unpacking there is a config.yaml.example file; save a copy of it named config.yaml.
Configure this file:
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: example_rules

# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 3

# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: localhost

# The Elasticsearch port
es_port: 9200

# The AWS region to use. Set this when using AWS-managed elasticsearch
#aws_region: us-east-1

# The AWS profile to use. Use this if you are using an aws-cli profile.
# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
# for details
#profile: test

# Optional URL prefix for Elasticsearch
#es_url_prefix: elasticsearch

# Connect with TLS to Elasticsearch
#use_ssl: True

# Verify TLS certificates
#verify_certs: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Optional basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# The index on es_host which is used for metadata storage
# This can be an unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2
Create the index in Elasticsearch:
elastalert-create-index
Create a rule:
Under example_rules, edit the example_frequency.yaml file:
# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (Optional) Connect with SSL to Elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: Example frequency rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur within timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: cloud_platform-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 3

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

# (Required)
# A list of Elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- term:
    _type: cloud_platform

# (Required)
# The alert is used when a match is found
alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- zhuoyp001@xxxx.com
email_from_field: zhuoyp001
email_add_domain: "@xxxx.com"
from_addr: zhuoyp001@xxxx.com
smtp_host: xxxx
smtp_port: 25
smtp_auth_file: smtp_auth_file.yaml
The main thing configured here is that the alert method is email.
The last line points to smtp_auth_file.yaml, the file that holds the username and password:
user: "zhuoyp001@xxxx.com"
password: "xxxx"
That completes the simplest possible configuration: once type: cloud_platform has appeared 3 times, an alert email is sent to zhuoyp001@xxxx.com.
2) Start:
python -m elastalert.elastalert --verbose --rule example_rules/example_frequency.yaml
Normally it starts fine. I fed a few log entries into Logstash; mind the time: ElastAlert only queries the index for the 2 minutes before the current time, so logs you insert yourself need their @timestamp adjusted to fall within the query window.
INFO:elastalert:Ran Example frequency rule from 2017-08-09 08:48 CST to 2017-08-09 08:50 CST: 7 query hits (0 already seen), 2 matches, 1 alerts sent
INFO:elastalert:Sleeping for 57.479314 seconds
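To make the rule's behaviour concrete, here is a small added simulation (my own code, not part of ElastAlert or the original post) of what one run does: it applies the buffer_time query window and the _type: cloud_platform term filter to a constructed set of documents, then evaluates the num_events: 3 / timeframe: 1 hour frequency rule over the hits. run_rule(3) returns (3, 1), while run_rule(2) returns (2, 0) because the document that is 150 s old falls outside a 2-minute window, which is exactly the @timestamp problem described above.

```python
from datetime import datetime, timedelta

# Constructed sample documents standing in for what Logstash wrote to the
# cloud_platform-* index (hypothetical data, not from the original post).
NOW = datetime(2017, 8, 9, 8, 50)  # "current time" of one ElastAlert run
DOCS = [
    {"@timestamp": NOW - timedelta(minutes=1), "_type": "cloud_platform"},
    {"@timestamp": NOW - timedelta(minutes=2), "_type": "cloud_platform"},
    {"@timestamp": NOW - timedelta(seconds=150), "_type": "cloud_platform"},
    {"@timestamp": NOW - timedelta(minutes=2), "_type": "other"},  # filtered out
    {"@timestamp": NOW - timedelta(hours=5), "_type": "cloud_platform"},  # stale
]

def query_hits(docs, now, buffer_minutes, type_filter):
    """Mimic one ElastAlert query: only documents whose @timestamp lies in
    [now - buffer_time, now] and that satisfy the term filter come back.
    A document whose @timestamp is older than that is never seen at all."""
    start = now - timedelta(minutes=buffer_minutes)
    return [d for d in docs
            if start <= d["@timestamp"] <= now and d["_type"] == type_filter]

def frequency_matches(hits, num_events, timeframe_minutes):
    """Simplified frequency rule: walk hits in time order and count a match
    whenever num_events hits fall inside one timeframe window. Hits used by
    a match are not reused, like ElastAlert clearing its event buffer."""
    hits = sorted(hits, key=lambda d: d["@timestamp"])
    window = timedelta(minutes=timeframe_minutes)
    matches, i = 0, 0
    while i < len(hits):
        window_end = hits[i]["@timestamp"] + window
        j = i
        while j < len(hits) and hits[j]["@timestamp"] <= window_end:
            j += 1
        if j - i >= num_events:
            matches += 1
            i = j
        else:
            i += 1
    return matches

def run_rule(buffer_minutes, num_events=3, timeframe_minutes=60,
             type_filter="cloud_platform", docs=DOCS, now=NOW):
    """One rule run; returns (query hits, matches) as the INFO log reports."""
    hits = query_hits(docs, now, buffer_minutes, type_filter)
    return len(hits), frequency_matches(hits, num_events, timeframe_minutes)
```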
Problems & lessons learned:
alert_time index does not exist
When I started it earlier, it kept throwing an error saying the sort field alert_time does not exist. The error was raised in the elastalert/elastalert.py file. My guess at the cause is that I had never triggered the "sent alert" event, so alert_time had never been written to the index. So I commented out the following lines:
line 1386: sort = {'sort': {'alert_time': {'order': 'asc'}}}
line 1391: query.update(sort)
line 1503: query['sort'] = {'alert_time': {'order': 'desc'}}
line 1639: sort = {'sort': {'until': {'order': 'desc'}}}
line 1644: query.update(sort)
On starting it again there were no more errors.
After I finally triggered the email sending, I uncommented those lines again, and it ran normally without errors.