共计 1896 个字符,预计需要花费 5 分钟才能阅读完成。
elk 报警监控之 sentinl 钉钉报警配置
1. 安装 sentinl
可以在线安装 ./kibana-plugin install https://github.com/sirensolut…
也可以离线安装 ./kibana-plugin install file:../../sentinl-v6.2.4.zip file 关键字不能漏掉
[root@elk-181 bin]# ./kibana-plugin install file:/root/sentinl-v6.2.4.zip
Attempting to transfer from file:/root/sentinl-v6.2.4.zip
Transferring 130048021 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete安装 sentinl 后 kibana 可能会关闭,启动 kibana
2. 配置 sentinl
1). 添加一个钉钉机器人
2). 添加一个 Watchers
点击 new-> 点击 watchers 前面的”加号“
将下方代码 copy 其中,记住选中 enadle,然后选择保存,下次每次更改可以去 input,action 中直接更改保存。
{
"actions": {
"test-dingding": {
"name": "waring_error_log_push_dingding",
"throttle_period": "0h1m0s",
"webhook": {
"priority": "high",
"stateless": false,
"method": "POST",
"host": "oapi.dingtalk.com",
"port": "443",
"path": "/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"body": "{\"msgtype\": \"markdown\",\"markdown\": {\"title\":\"DEV_time.out\",\"text\": \"# Dev 预警 \\t\\n ### 主机 | ```\\n{{payload.hits.hits.0._index}}\\n``` | \\t\\n ### Project | ```\\n{{payload.hits.hits.0._source.service}}\\n``` | \\t\\n ### 最近一分钟发生次数 | ```\\n{{payload.hits.total}}\\n``` | \\t\\n ### 告警内容:```\\n{{payload.hits.hits.0._source.message}}\\n``` \\t\\n \"} }",
"params": {"watcher": "{{watcher.title}}",
"payload_count": "{{payload.hits.total}}"
},
"headers": {"Content-Type": "application/json"},
"auth": "钉钉账号: 钉钉密码",
"message": "业务功能告警",
"use_https": true,
"save_payload": false
}
}
},
"input": {
"search": {
"request": {
"index": ["applog-*"],
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"analyze_wildcard": true,
"query": "\"error\""
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now",
"format": "epoch_millis"
}
}
}
],
"must_not": []}
}
}
}
}
},
"condition": {
"script": {"script": "payload.hits.total >=1"}
},
"transform": {},
"trigger": {
"schedule": {"later": "every 20 minutes"}
},
"disable": true,
"report": false,
"title": "警告和错误日志推送钉钉"
}3. 测试
正文完