参考网址:
- https://www.cnblogs.com/reboot51/p/8328720.html
- https://www.elastic.co/guide/en/x-pack/5.6/actions-email.html #邮件设置
elasticsearch 配置
# Watcher e-mail account definition: one account named exchange_account that sends through smtpdm.aliyun.com.
# NOTE(review): the indentation appears to have been lost on this page; as written these lines form a
# flat list rather than nested keys, so restore the nesting before using them in a config file.
- xpack.notification.email.account:
- exchange_account:
- profile: outlook
- email_defaults:
- from: info@mail.xxx.com
- smtp:
# auth is on while STARTTLS is off and the port is 25: unless TLS is enabled some other way (not shown
# here), the SMTP login and the alert mails cross the network unencrypted.
- auth: true
- starttls.enable: false
- host: smtpdm.aliyun.com
- port: 25
- user: info@mail.xxx.com
# NOTE(review): the SMTP password is stored in plaintext in the config; restrict read access to the file
# and never commit a real value. Newer Elasticsearch releases can read it from the keystore as
# smtp.secure_password; confirm that the version in use supports it.
- password: hkxxx2016
watcher 配置
1. syslog 数量监控 (每分钟检查一次, 最近 1 分钟内 syslog-* 索引的记录数 ≥ 10 时发邮件)
- {
- "trigger": {
- "schedule": {"interval": "1m"}
- },
- "input": {
- "search": {
- "request": {
- "search_type": "query_then_fetch",
- "indices": [
- "syslog-*"
- ],
- "types": [],
- "body": {
- "size": 0,
- "query": {
- "range": {
- "@timestamp": {
- "gt": "now-1m"
- }
- }
- },
- "sort": [
- {
- "@timestamp": {
- "order": "desc"
- }
- }
- ]
- }
- }
- }
- },
- "condition": {
- "compare": {
- "ctx.payload.hits.total": {
- "gte": 10
- }
- }
- },
- "actions": {
- "email": {
- "throttle_period_in_millis": 60000,
- "email": {
- "profile": "outlook",
- "priority": "high",
- "to": [
- "liyf02@abc.com"
- ],
- "subject": "syslog 产生 {{ctx.payload.hits.total}} 条记录",
- "body": {
- "html": "<html><h3>syslog 索引 一分钟内产生 {{ctx.payload.hits.total}} 条记录, 请注意查看</h3></html>"
- }
- }
- }
- }
- }
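2. elasticsearch 集群状态报警 (每分钟请求一次 /_cluster/health, 状态不是 green 时发邮件)。注意: 该请求走明文 http 且 headers 为空、未带认证信息, 只有集群允许匿名访问时才能成功; 若启用了 X-Pack Security, 需要在 request 中配置 auth.basic, 并建议改用 https。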
- {
- "trigger": {
- "schedule": {
- "interval": "1m"
- }
- },
- "input": {
- "http": {
- "request": {
- "scheme": "http",
- "host": "10.25.234.176",
- "port": 9200,
- "method": "get",
- "path": "/_cluster/health",
- "params": {},
- "headers": {}
- }
- }
- },
- "condition": {
- "compare": {
- "ctx.payload.status": {
- "not_eq": "green"
- }
- }
- },
- "actions": {
- "email": {
- "throttle_period_in_millis": 60000,
- "email": {
- "profile": "outlook",
- "priority": "high",
- "to": [
- "liyf02@abc.com"
- ],
- "subject": "elasticsearch 状态为{{ctx.payload.status}}, 注意查看",
- "body": {
- "html": "<html><h3>elasticsearch 状态为{{ctx.payload.status}}, 注意查看!</h3></html>"
- }
- }
- }
- }
- }
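3. 延时报警 (每 30 秒检查一次, 最近 30 秒内 task_accumulative_time_consuming > 3000 的记录 ≥ 3 条时发邮件)。注意: Watcher 的 cron 按 UTC 计算, 此表达式对应周一至周五 UTC 1 点至 6 点时段, 换算本地时间时需加上时区偏移。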
- {
- "trigger": {
- "schedule": {
- "cron": "0/30 * 1-6 ? * 2-6"
- }
- },
- "input": {
- "search": {
- "request": {
- "search_type": "query_then_fetch",
- "indices": [
- "simulation_adjust_job*"
- ],
- "types": [],
- "body": {
- "size": 0,
- "query": {
- "bool": {
- "must": [
- {
- "query_string": {
- "query": "task_accumulative_time_consuming:>3000"
- }
- },
- {
- "range": {
- "@timestamp": {
- "gt": "now-30s"
- }
- }
- }
- ]
- }
- },
- "sort": [
- {
- "@timestamp": {
- "order": "desc"
- }
- }
- ]
- }
- }
- }
- },
- "condition": {
- "compare": {
- "ctx.payload.hits.total": {
- "gte": 3
- }
- }
- },
- "actions": {
- "email": {
- "throttle_period_in_millis": 60000,
- "email": {
- "profile": "outlook",
- "priority": "high",
- "to": [
- "liyf02@abc.com"
- ],
- "subject": "[严重] 模拟交易成交时间",
- "body": {
- "html": "<html><h3>30s 内成交时间超过 3 秒的有 {{ctx.payload.hits.total}} 条记录, 请注意查看!</h3></html>"
- }
- }
- }
- }
- }
来源: http://www.bubuko.com/infodetail-2655559.html