
Learning and Practice with ElastAlert

Author: KenHan | Source: published 2016-11-27 17:26, read 1084 times

    This post only records what I have run into while using ElastAlert; it will be updated as I keep using it.

    ElastAlert

    ElastAlert is an alerting framework written in Python and open-sourced by Yelp.

    Installation

    pip install elastalert

    Commands

    elastalert-create-index creates the ES index ElastAlert writes its state to; the default name is elastalert_status

    elastalert-test-rule tests the rule settings in a custom configuration

    elastalert-rule-from-kibana exports Filters directly from Kibana 3 into a rule

    Example Config

    # Directory containing the rule files; a full path is recommended
    rules_folder: example_rules
    
    # How often ElastAlert sends a query to ES
    run_every:
      minutes: 5
    
    # Range of the time field covered by each query
    buffer_time:
      minutes: 15
    
    # Elasticsearch host
    es_host: elasticsearch.example.com
    
    # The Elasticsearch port
    es_port: 9200
    
    # Optional URL prefix for Elasticsearch
    #es_url_prefix: elasticsearch
    
    # Connect with TLS to Elasticsearch
    #use_ssl: True
    
    # Verify TLS certificates
    #verify_certs: True
    
    # GET request with body is the default option for Elasticsearch.
    # If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
    # See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
    # for details
    #es_send_get_body_as: GET
    
    # Optional basic-auth username and password for Elasticsearch
    #es_username: someusername
    #es_password: somepassword
    
    # The index on es_host which is used for metadata storage
    # This can be an unmapped index, but it is recommended that you run
    # elastalert-create-index to set a mapping
    writeback_index: elastalert_status
    
    # If an alert fails for some reason, ElastAlert will retry
    # sending the alert until this time period has elapsed
    alert_time_limit:
      days: 2
    
    # Settings needed when alerts are sent by email
    # The QQ enterprise SMTP service is used below
    # smtp_auth_file is the path to a YAML file holding the SMTP account (keys: user and password); a full path is recommended
    smtp_host: smtp.exmail.qq.com
    smtp_port: 465
    smtp_ssl: true
    smtp_auth_file: ~/email_auth.yaml
    from_addr: example@qq.com
    

    Example Rule

    es_host: host
    es_port: port
    name: rule_name
    type: frequency
    use_strftime_index: true
    index: project-%Y.%m.%d
    
    # Number of matching events within the timeframe that triggers an alert
    num_events: 5
    timeframe:
      minutes: 1
    
    # Query filter
    filter:
    - query:
        query_string:
          query: "ERROR"
    
    # Send alerts by email
    alert:
    - "email"
    
    # Notify several email addresses
    email:
    - "example1@example.com"
    - "example2@example.com"
    
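
To show what the rule above actually does with its settings (num_events: 5, timeframe: 1 minute, query "ERROR", use_strftime_index with index: project-%Y.%m.%d, buffer_time: 15 minutes), here is an added example that emulates the frequency rule and the index-name expansion in plain Python; it is not ElastAlert's own code, the sample events are constructed, and clearing the window after a match is an assumed simplification of ElastAlert's behaviour.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, level, message); not real data.
BASE = datetime(2016, 11, 27, 17, 0, 0)
SAMPLE_EVENTS = [
    (BASE + timedelta(seconds=s), level, msg)
    for s, level, msg in [
        (0, "ERROR", "db timeout"), (5, "INFO", "request ok"),
        (10, "ERROR", "db timeout"), (20, "ERROR", "db timeout"),
        (30, "ERROR", "db timeout"), (40, "ERROR", "db timeout"),  # 5th ERROR in 40 s
        (120, "ERROR", "db timeout"), (300, "ERROR", "db timeout"),
        (600, "ERROR", "db timeout"),  # too spread out for a second alert
    ]
]

def frequency_rule(events, num_events, timeframe, matches):
    """Emulate the 'frequency' rule type: fire once at least num_events
    matching events fall inside a sliding window of length timeframe.
    Assumption (simplified from ElastAlert): the window is cleared after
    a match, so the same events cannot feed a second alert."""
    window, alerts = [], []
    for ts, level, msg in sorted(events):
        if not matches(level, msg):
            continue
        window.append(ts)
        while ts - window[0] > timeframe:   # drop events older than the window
            window.pop(0)
        if len(window) >= num_events:
            alerts.append((window[0], ts))
            window = []
    return alerts

def strftime_indices(start, end, pattern="project-%Y.%m.%d"):
    """Index names queried when use_strftime_index is true: the daily
    pattern from the rule, expanded for every day touched by [start, end]."""
    names, day = [], start.date()
    while day <= end.date():
        names.append(day.strftime(pattern))
        day += timedelta(days=1)
    return names

def run_rule():
    """Apply the rule above (num_events: 5, timeframe: 1 minute, query 'ERROR')."""
    return frequency_rule(SAMPLE_EVENTS, 5, timedelta(minutes=1),
                          lambda level, msg: level == "ERROR")

def indices_for_run(now_iso="2016-11-27T17:00:00", buffer_minutes=15):
    """Indices one run must query for a buffer_time of 15 minutes ending at now;
    a run shortly after midnight has to read yesterday's index as well."""
    now = datetime.fromisoformat(now_iso)
    return strftime_indices(now - timedelta(minutes=buffer_minutes), now)
```

Run `run_rule()` to see the single alert produced by the first five ERROR events, and `indices_for_run("2016-11-27T00:05:00")` to see why a daily index pattern needs both days' indices around midnight.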
