elk报警监控之sentinl 钉钉报警配置

elk报警监控之sentinl 钉钉报警配置

1.安装sentinl

可以在线安装 ./kibana-plugin install https://github.com/sirensolut...

也可以离线安装 ./kibana-plugin install file:../../sentinl-v6.2.4.zip file 关键字不能漏掉

[root@elk-181 bin]# ./kibana-plugin install file:/root/sentinl-v6.2.4.zip   
Attempting to transfer from file:/root/sentinl-v6.2.4.zip  
Transferring 130048021 bytes....................  
Transfer complete  
Retrieving metadata from plugin archive  
Extracting plugin archive  
Extraction complete  
Optimizing and caching browser bundles...  
Plugin installation complete

安装sentinl后kibana可能会关闭, 启动kibana

2.配置sentinl

1).添加一个钉钉机器人

clipboard.png

2).添加一个Watchers

clipboard.png

点击new-> 点击watchers前面的”加号“

将下方代码copy其中,记住选中enadle,然后选择保存,下次每次更改可以去input,action中直接更改保存。

{
  "actions": {
    "test-dingding": {
      "name": "waring_error_log_push_dingding",
      "throttle_period": "0h1m0s",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "body": " {\"msgtype\": \"markdown\",\"markdown\": {\"title\":\"DEV_time.out\",\"text\": \"# Dev预警 \\t\\n ### 主机 | ```\\n{{payload.hits.hits.0._index}}\\n``` | \\t\\n ### Project | ```\\n{{payload.hits.hits.0._source.service}}\\n``` | \\t\\n ### 最近一分钟发生次数 | ```\\n{{payload.hits.total}}\\n``` | \\t\\n ### 告警内容:```\\n{{payload.hits.hits.0._source.message}}\\n``` \\t\\n \"      }  }",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "auth": "钉钉账号:钉钉密码",
        "message": "业务功能告警",
        "use_https": true,
        "save_payload": false
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "applog-*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "analyze_wildcard": true,
                    "query": "\"error\""
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1h",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >=1"
    }
  },
  "transform": {},
  "trigger": {
    "schedule": {
      "later": "every 20 minutes"
    }
  },
  "disable": true,
  "report": false,
  "title": "警告和错误日志推送钉钉"
}

3.测试

clipboard.png

clipboard.png

你可能感兴趣的:(sentinel,dingtalk,elk,centos,linux)