ELK alert monitoring with Sentinl: DingTalk alert configuration


1. Install Sentinl

Online install: ./kibana-plugin install https://github.com/sirensolut…

Offline install: ./kibana-plugin install file:../../sentinl-v6.2.4.zip (the file: keyword must not be omitted). The plugin release has to match the Kibana release, here 6.2.4, since kibana-plugin refuses a plugin built for a different Kibana version.

[root@elk-181 bin]# ./kibana-plugin install file:/root/sentinl-v6.2.4.zip   
Attempting to transfer from file:/root/sentinl-v6.2.4.zip  
Transferring 130048021 bytes....................  
Transfer complete  
Retrieving metadata from plugin archive  
Extracting plugin archive  
Extraction complete  
Optimizing and caching browser bundles...  
Plugin installation complete

Kibana may have stopped after the plugin install; start Kibana again.

2. Configure Sentinl

1). Add a DingTalk robot. In the settings of the target group, add a custom robot and copy the webhook URL it gives you; the access_token in that URL is the credential that goes into the path of the action below, so keep it out of shared notes and screenshots.

2). Add a Watcher

Click New, then click the "plus" sign in front of Watchers.

Paste the JSON below into it, remember to tick enable, then save; for later changes you can edit the input and action sections directly and save again. A few things to check in this watcher before enabling it: the access_token in the webhook path is the only credential the DingTalk robot endpoint uses, so treat it as a secret and leave Sentinl's "auth" field out, since that field is HTTP basic auth and the robot endpoint does not use it; the JSON carries "disable": true, so nothing fires until the watcher is enabled; {{payload.hits.hits.0._index}} is the name of the index the first hit came from, not a hostname, so substitute the host field of your documents if that is what you want to show; the search covers now-1h but the trigger runs every 20 minutes, so one error is reported up to three times unless the range is shortened to match the schedule (and the label in the message updated accordingly); and the condition payload.hits.total >= 1 assumes Elasticsearch 6.x, where hits.total is a number, whereas on 7.x it becomes an object and the script needs payload.hits.total.value.

{
  "actions": {
    "test-dingding": {
      "name": "waring_error_log_push_dingding",
      "throttle_period": "0h1m0s",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "body": "{\"msgtype\": \"markdown\",\"markdown\": {\"title\":\"DEV_time.out\",\"text\": \"# Dev alert \\t\\n ### Host | ```\\n{{payload.hits.hits.0._index}}\\n``` | \\t\\n ### Project | ```\\n{{payload.hits.hits.0._source.service}}\\n``` | \\t\\n ### Hits in the last hour | ```\\n{{payload.hits.total}}\\n``` | \\t\\n ### Alert content: ```\\n{{payload.hits.hits.0._source.message}}\\n``` \\t\\n \"}  }",
        "params": {"watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {"Content-Type": "application/json"},
        "message": "Business function alert",
        "use_https": true,
        "save_payload": false
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": ["applog-*"],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "analyze_wildcard": true,
                    "query": "\"error\""
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1h",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []}
          }
        }
      }
    }
  },
  "condition": {
    "script": {"script": "payload.hits.total >=1"}
  },
  "transform": {},
  "trigger": {
    "schedule": {"later": "every 20 minutes"}
  },
  "disable": true,
  "report": false,
  "title": "Push warning and error logs to DingTalk"
}

3. Test
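The script below is an added example, not part of the original post and not Sentinl's own code. It does offline what the watcher does at action time: fills the {{payload.*}} placeholders of the action body from an Elasticsearch 6.x search response, builds the DingTalk markdown message, evaluates the condition payload.hits.total >= 1, and checks that the rendered body is still valid JSON before anything is sent, which is the step that catches a log message containing a raw newline. The sample search response, its index name and its "service" and "message" fields are constructed for the example, and DINGTALK_WEBHOOK is a placeholder for the robot URL.

```python
"""Offline test for the Sentinl -> DingTalk watcher above.

Added example: not part of the original post and not Sentinl code. It repeats what
the watcher does at action time: fill the {{payload.*}} placeholders from an
Elasticsearch 6.x search response, build the DingTalk markdown body, evaluate the
condition payload.hits.total >= 1, and verify the body is still valid JSON before
anything is sent. The sample response, its index name and its "service" and
"message" fields are constructed for this example; DINGTALK_WEBHOOK is a placeholder.
"""
import html
import json
import re
import urllib.request

FENCE = chr(96) * 3  # three backticks; built at runtime so the source pastes cleanly
DINGTALK_WEBHOOK = "https://oapi.dingtalk.com/robot/send?access_token=REPLACE_ME"  # placeholder


def _md_section(label, placeholder):
    """One '### label | fenced value |' block of the markdown text, as in the watcher body."""
    return " ### %s | %s\\n%s\\n%s | \\t\\n" % (label, FENCE, placeholder, FENCE)


# The watcher's "body" value after JSON decoding: a Mustache template whose \t and \n
# stay as backslash sequences, because it is DingTalk's JSON parser that expands them.
BODY_TEMPLATE = (
    '{"msgtype": "markdown","markdown": {"title":"DEV_time.out","text": "# Dev alert \\t\\n'
    + _md_section("Host", "{{payload.hits.hits.0._index}}")
    + _md_section("Project", "{{payload.hits.hits.0._source.service}}")
    + _md_section("Hits in the last hour", "{{payload.hits.total}}")
    + ' ### Alert content: %s\\n{{payload.hits.hits.0._source.message}}\\n%s \\t\\n "}  }'
    % (FENCE, FENCE)
)

PLACEHOLDER = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")

# Constructed Elasticsearch 6.x search response in the shape the watcher's input returns.
SAMPLE_PAYLOAD = {
    "hits": {
        "total": 3,
        "hits": [
            {
                "_index": "applog-2018.06.01",
                "_source": {
                    "service": "order-api",
                    "message": "error: timeout calling payment service (attempt 3/3)",
                },
            }
        ],
    }
}


def lookup(obj, dotted):
    """Resolve a Mustache dotted name such as payload.hits.hits.0._index."""
    for key in dotted.split("."):
        obj = obj[int(key)] if isinstance(obj, list) else obj[key]
    return obj


def render(template, context):
    """Substitute {{name}} the way Mustache does: values are HTML-escaped, not JSON-escaped."""
    return PLACEHOLDER.sub(
        lambda m: html.escape(str(lookup(context, m.group(1))), quote=True), template
    )


def condition_met(payload):
    """The watcher's condition script, payload.hits.total >= 1 (hits.total is a number on ES 6.x)."""
    return payload["hits"]["total"] >= 1


def build_body(payload):
    """Render the action body for one search response and parse it back as JSON.

    Returns the DingTalk message dict. Raises ValueError when a substituted value,
    typically a log message containing a raw newline, has broken the JSON; DingTalk
    would reject such a body, so it is better to catch it here.
    """
    rendered = render(BODY_TEMPLATE, {"payload": payload})
    try:
        return json.loads(rendered)
    except json.JSONDecodeError as exc:
        raise ValueError("rendered body is not valid JSON: %s" % exc) from None


def send(message, webhook=DINGTALK_WEBHOOK, timeout=10):
    """POST the message to the robot webhook; needs network and a real access_token."""
    req = urllib.request.Request(
        webhook, data=json.dumps(message).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))  # {"errcode": 0, "errmsg": "ok"} on success


if __name__ == "__main__":
    if condition_met(SAMPLE_PAYLOAD):
        msg = build_body(SAMPLE_PAYLOAD)
        print(msg["markdown"]["text"])
        # print(send(msg))  # uncomment once DINGTALK_WEBHOOK holds the real token
```

Run it with python3 to see the text DingTalk would render; put the real token into DINGTALK_WEBHOOK and uncomment the send() call to deliver it. The JSON check is the useful part: Mustache HTML-escapes the values it substitutes but does not JSON-escape them, so a multi-line log message yields a body the robot endpoint refuses, and it is easier to see that here than in Kibana.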
