Reference: "elast alert"

Assume the alert content is:

ceph-rest-api service down

At least 1 events occurred between 2017-10-18 16:46 CST and 2017-10-18 17:46 CST

@timestamp: 2017-10-18T09:46:44.897Z
_id: AV8u4NMJlV0N0Gfm3nbE
_index: metricbeat-7.0.0-alpha1-2017.10.18
_type: doc
beat: {
"hostname": "centos7gui",
"name": "centos7gui",
"version": "7.0.0-alpha1"
}
ceph: {
"cluster_disk": {}
}
error: {
"message": "error making http request: Get http://192.168.56.133:5000/api/v0.1/df: dial tcp 192.168.56.133:5000: getsockopt: no route to host"
}
metricset: {
"host": "192.168.56.133:5000",
"module": "ceph",
"name": "cluster_disk",
"rtt": 2022944
}
num_hits: 382
num_matches: 30

[config]

config.yaml

rules_folder: example_rules
run_every:
  minutes: 1
buffer_time:
  minutes: 15
es_host: 192.168.56.162
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
  days: 2

[email alert]

smtp_auth_file.yaml

user: "leiba726@163.com"
password: "xxxxxx"

my_rule.yaml

# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (Optional) Connect with SSL to Elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: ceph-rest-api service down

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur within timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: metricbeat-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

# (Required)
# A list of Elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
    query_string:
      query: 'error making http request'

# (Required)
# The alert to use when a match is found
smtp_host: smtp.163.com
smtp_port: 25
smtp_auth_file: smtp_auth_file.yaml
email_reply_to: leiba726@163.com
from_addr: leiba726@163.com
alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- "leiba726@163.com"
- "elaroff@163.com"

[command alert]

my_rule.yaml

# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (Optional) Connect with SSL to Elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: ceph-rest-api service down

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur within timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: metricbeat-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

# (Required)
# A list of Elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
    query_string:
      query: 'error making http request'

# (Required)
# The alert to use when a match is found
smtp_host: smtp.163.com
smtp_port: 25
smtp_auth_file: smtp_auth_file.yaml
email_reply_to: leiba726@163.com
from_addr: leiba726@163.com
new_style_string_format: True
alert:
- "command"

# (required, command specific)
# the command to run, given as a list of arguments so that no shell parses the formatted match data
command: ["/bin/bash", "/var/hello.sh", "{match[error]}"]
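
The page does not show `/var/hello.sh`. The script below is an added example, not the author's script: a hypothetical handler that receives the formatted `{match[error]}` value as its first argument and treats it as untrusted text taken from indexed events. The function names, the `ALERT_LOG` variable and the default log path are assumptions of this example.

```shell
#!/bin/bash
# Added example: a hypothetical handler in the role of /var/hello.sh.
# "$1" is the formatted {match[error]} text. It originates in indexed events,
# so it is treated as untrusted data: quoted everywhere and never evaluated.

# Print $1 as one line of printable ASCII, at most $2 bytes (default 512).
sanitize_alert_arg() {
    # Control characters and non-ASCII bytes become spaces, so a newline
    # inside the event cannot forge a second log entry.
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' ' ' | cut -c1-"${2:-512}"
}

# Append one timestamped line to the log file $1; $2 is the untrusted text.
handle_alert() {
    detail=$(sanitize_alert_arg "$2")
    # Fixed format string: the data is only ever a %s argument.
    printf '%s ceph-rest-api alert: %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$detail" >> "$1"
}

# ALERT_LOG and its default path are assumptions of this example.
if [ "$#" -ge 1 ]; then
    handle_alert "${ALERT_LOG:-/tmp/elastalert_command.log}" "$1"
fi
```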

The command to run elast alert is:

python -m elastalert.elastalert --verbose --rule example_rules/my_rule.yaml
