ELK alert monitoring with sentinl: DingTalk alert configuration
1. Install sentinl
Install online: ./kibana-plugin install https://github.com/sirensolut...
Or install offline: ./kibana-plugin install file:../../sentinl-v6.2.4.zip (the file: prefix must not be omitted)
[root@elk-181 bin]# ./kibana-plugin install file:/root/sentinl-v6.2.4.zip
Attempting to transfer from file:/root/sentinl-v6.2.4.zip
Transferring 130048021 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
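Kibana may shut down after sentinl is installed; if it does, start Kibana again.
2. Configure sentinl
1). Add a DingTalk robot
2). Add a watcher
Click New, then click the plus sign in front of Watchers.
Copy the code below into it, remember to tick enable, then save. For later changes you can edit directly under input and action and save.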
{
  "actions": {
    "test-dingding": {
      "name": "waring_error_log_push_dingding",
      "throttle_period": "0h1m0s",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "body": " {\"msgtype\": \"markdown\",\"markdown\": {\"title\":\"DEV_time.out\",\"text\": \"# Dev预警 \\t\\n ### 主机 | ```\\n{{payload.hits.hits.0._index}}\\n``` | \\t\\n ### Project | ```\\n{{payload.hits.hits.0._source.service}}\\n``` | \\t\\n ### 最近一分钟发生次数 | ```\\n{{payload.hits.total}}\\n``` | \\t\\n ### 告警内容:```\\n{{payload.hits.hits.0._source.message}}\\n``` \\t\\n \" } }",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "auth": "钉钉账号:钉钉密码",
        "message": "业务功能告警",
        "use_https": true,
        "save_payload": false
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "applog-*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "analyze_wildcard": true,
                    "query": "\"error\""
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1h",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >=1"
    }
  },
  "transform": {},
  "trigger": {
    "schedule": {
      "later": "every 20 minutes"
    }
  },
  "disable": true,
  "report": false,
  "title": "警告和错误日志推送钉钉"
}
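An added example, not part of the original post or of sentinl itself: a small Python lint run over a trimmed copy of the watcher above. It flags settings worth a second look before saving: a query window longer than the schedule interval, the disable flag, credentials kept in the action, and raw log text templated into the message. The function names and the rules are assumptions of this example.

```python
import re

# Trimmed, constructed copy of the watcher on this page (only the fields the
# checks read); the token and auth values are placeholders.
WATCHER = {
    "actions": {"test-dingding": {"throttle_period": "0h1m0s", "webhook": {
        "path": "/robot/send?access_token=<TOKEN>",
        "auth": "user:password",
        "body": "{{payload.hits.total}} {{payload.hits.hits.0._source.message}}",
    }}},
    "input": {"search": {"request": {"body": {"query": {"bool": {"must": [
        {"query_string": {"analyze_wildcard": True, "query": "\"error\""}},
        {"range": {"@timestamp": {"gte": "now-1h", "lte": "now"}}},
    ]}}}}}},
    "trigger": {"schedule": {"later": "every 20 minutes"}},
    "disable": True,
}
UNIT_MIN = {"m": 1, "h": 60, "d": 1440}

def lookback_minutes(watcher):
    """Minutes covered by the first range clause of the form now-<n><m|h|d>."""
    must = watcher["input"]["search"]["request"]["body"]["query"]["bool"]["must"]
    for clause in must:
        for bounds in clause.get("range", {}).values():
            m = re.fullmatch(r"now-(\d+)([mhd])", bounds.get("gte", ""))
            if m:
                return int(m.group(1)) * UNIT_MIN[m.group(2)]
    return None

def schedule_minutes(watcher):
    """Interval of an 'every N minutes/hours' schedule text, else None."""
    m = re.fullmatch(r"every (\d+) (minute|hour)s?", watcher["trigger"]["schedule"]["later"])
    return int(m.group(1)) * (60 if m.group(2) == "hour" else 1) if m else None

def lint(watcher):
    findings = []
    look, every = lookback_minutes(watcher), schedule_minutes(watcher)
    if look and every and look > every:  # overlapping windows re-alert on old events
        findings.append(f"window {look}m > schedule {every}m: each event is counted in up to {-(-look // every)} runs")
    if watcher.get("disable"):
        findings.append("disable is true: watcher will not run until enabled")
    for name, action in watcher["actions"].items():
        hook = action.get("webhook", {})
        if "access_token=" in hook.get("path", "") or hook.get("auth"):
            findings.append(f"{name}: credential stored in the watcher document")
        if "_source.message" in hook.get("body", ""):  # log text is untrusted input
            findings.append(f"{name}: raw log text is templated into the alert body")
    return findings
```

On this page's watcher all four rules fire: the query looks back one hour while the schedule runs every 20 minutes, so the count in the message is not a one-minute count.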