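Sentinl monitoring & alerting example

Description: a custom error-log alert for the XX business service covering each 12 hours, with e-mail notification to the responsible business owners.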

{
  "actions": {
    "email_html_alarm_5b59dde3-b16a-4240-aed6-aca0d1": {
      "name": "email html alarm",
      "throttle_period": "1m",
      "email_html": {
        "to": "[email protected],[email protected]",
        "from": "[email protected]",
        "stateless": false,
        "subject": "XX业务服务生产环境日志告警",
        "priority": "high",
        "html": "各位好,\n本次日志扫描最近12小时内发现{{payload.hits.total}}条Error信息,请登录kibana查询具体错误信息。 http://192.168.1.110:8449/app/kibana#/discover/searchId\n\n\n本次日志扫描采用以下策略:\n  • {{watcher.condition.script.script}}\n"
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "prod*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "message:*Error AND ( path:*Eportal* OR path: *EData*)",
                    "use_dis_max": true
                  }
                }
              ],
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-720m",
                      "lt": "now"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total > 5"
    }
  },
  "transform": {},
  "trigger": {
    "schedule": {
      "later": "every 60 minutes"
    }
  },
  "disable": false,
  "report": false,
  "title": "XX业务服务日志告警-Error",
  "save_payload": false,
  "spy": false,
  "impersonate": false
}

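An added example (not part of the original post): a small Python simulation of how this watcher's 60-minute schedule, 720-minute lookback and `1m` throttle interact when a single burst of errors occurs. The evaluation model is a simplified assumption, the sample burst and its date are constructed, and `simulate` / `alerts_for_burst` are hypothetical names.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=720)    # range filter: "gte": "now-720m", "lt": "now"
INTERVAL = timedelta(minutes=60)   # trigger: "every 60 minutes"
THRESHOLD = 5                      # condition: payload.hits.total > 5


def simulate(error_times, start, end, throttle):
    """Return the run times at which the e-mail action would fire.

    Simplified model (assumption): the watcher runs exactly every INTERVAL,
    counts hits in [now - WINDOW, now), and the action is suppressed when
    it last fired less than `throttle` ago.
    """
    fired, last = [], None
    now = start
    while now <= end:
        hits = sum(1 for t in error_times if now - WINDOW <= t < now)
        if hits > THRESHOLD and (last is None or now - last >= throttle):
            fired.append(now)
            last = now
        now += INTERVAL
    return fired


# Constructed sample: one burst of six errors at 00:30, then a quiet day.
DAY = datetime(2024, 1, 1)
BURST = [DAY + timedelta(minutes=30, seconds=s) for s in range(6)]


def alerts_for_burst(throttle):
    """Simulate 24 hours of hourly runs over the constructed burst."""
    return simulate(BURST, DAY, DAY + timedelta(hours=24), throttle)


if __name__ == "__main__":
    as_configured = alerts_for_burst(timedelta(minutes=1))  # "throttle_period": "1m"
    widened = alerts_for_burst(timedelta(hours=12))         # throttle equal to the lookback
    print("throttle 1m :", len(as_configured), "mails, first at", as_configured[0])
    print("throttle 12h:", len(widened), "mail(s)")
```

Under this model the same burst is re-counted on every hourly run while it remains inside the 12-hour window, so the throttle value decides whether recipients get one mail or a repeat each hour.
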
References: Kibana User Manual
Official documentation: https://sentinl.readthedocs.io/en/latest/Watcher-Anatomy/#input-query
Detailed guide to Sentinl alert configuration for ELK
Elasticsearch (query details): https://my.oschina.net/wsyblog/blog/702841
