elk报警监控之sentinl 钉钉报警配置

elk报警监控之sentinl 钉钉报警配置

1.安装sentinl

可以在线安装 ./kibana-plugin install https://github.com/sirensolut...

也可以离线安装 ./kibana-plugin install file:../../sentinl-v6.2.4.zip file 关键字不能漏掉

[root@elk-181 bin]# ./kibana-plugin install file:/root/sentinl-v6.2.4.zip   
Attempting to transfer from file:/root/sentinl-v6.2.4.zip  
Transferring 130048021 bytes....................  
Transfer complete  
Retrieving metadata from plugin archive  
Extracting plugin archive  
Extraction complete  
Optimizing and caching browser bundles...  
Plugin installation complete

安装sentinl后kibana可能会关闭, 启动kibana

2.配置sentinl

1).添加一个钉钉机器人

elk报警监控之sentinl 钉钉报警配置_第1张图片

2).添加一个Watchers

elk报警监控之sentinl 钉钉报警配置_第2张图片

点击new-> 点击watchers前面的”加号“

将下方代码copy其中,记住选中enadle,然后选择保存,下次每次更改可以去input,action中直接更改保存。

{
  "actions": {
    "test-dingding": {
      "name": "waring_error_log_push_dingding",
      "throttle_period": "0h1m0s",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "body": " {\"msgtype\": \"markdown\",\"markdown\": {\"title\":\"DEV_time.out\",\"text\": \"# Dev预警 \\t\\n ### 主机 | ```\\n{{payload.hits.hits.0._index}}\\n``` | \\t\\n ### Project | ```\\n{{payload.hits.hits.0._source.service}}\\n``` | \\t\\n ### 最近一分钟发生次数 | ```\\n{{payload.hits.total}}\\n``` | \\t\\n ### 告警内容:```\\n{{payload.hits.hits.0._source.message}}\\n``` \\t\\n \"      }  }",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "auth": "钉钉账号:钉钉密码",
        "message": "业务功能告警",
        "use_https": true,
        "save_payload": false
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "applog-*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "analyze_wildcard": true,
                    "query": "\"error\""
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1h",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >=1"
    }
  },
  "transform": {},
  "trigger": {
    "schedule": {
      "later": "every 20 minutes"
    }
  },
  "disable": true,
  "report": false,
  "title": "警告和错误日志推送钉钉"
}

3.测试

elk报警监控之sentinl 钉钉报警配置_第3张图片

elk报警监控之sentinl 钉钉报警配置_第4张图片

你可能感兴趣的:(linux,centos,elk,dingtalk,sentinel)