Kibana Sentinl plugin: monitoring and alerting


Download the Sentinl release that matches your Kibana version from GitHub: https://github.com/sirensolutions/sentinl/releases/

Install the plugin either straight from the remote URL or from a copy downloaded to the local machine; use one of the two commands below, not both:

  ./bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.3-3/sentinl-v6.0.1.zip
  
  ./bin/kibana-plugin install file:./sentinl-v6.0.1.zip 

Configure the e-mail account: open the Kibana configuration with vim /etc/kibana/kibana.yml and append the following to the file:

sentinl:
  settings:
    email:
      active: true
      user: xxx@163.com
      password: mima
      host: smtp.163.com
      ssl: true            # adjust to your own mail server
    report:
      active: true

Open Kibana and you will find a new menu entry, Sentinl. Open it, click New Watcher once, and edit the Raw JSON of the watcher directly; its fields are explained below:

{
  "_index": "watcher",
  "_type": "watch",
  "_id": "new_watcher_bzd9kgjzi",
  "_score": 1,
  "_source": {
    "title": "Alerm",
    "disable": false,
    "uuid": "new_watcher_bzd9kgjzi",
    "trigger": {
      "schedule": {
        "later": "every 1 hours"              // run once every hour
      }
    },
    "input": {
      "search": {
        "request": {
          "body": {
            "query": {
              "bool": {
                "must": [
                  {
                    "query_string": {
                      "fields": ["body^5", "_all"],
                      "query": "ERROR~",          // restrict the alert source to ERROR log lines
                      "use_dis_max": true
                    }
                  },
                  {
                    "range": {
                      "@timestamp": {
                        "gte": "now-1h",          // examine only the last hour of logs
                        "lte": "now",
                        "format": "epoch_millis"
                      }
                    }
                  }
                ],
                "must_not": []
              }
            }
          }
        }
      }
    },
    "condition": {
      "script": {
        "script": "payload.hits.total>=1"     // fire when ERROR appears at least once
      }
    },
    "transform": {
      "script": {
        "script": ""
      }
    },
    "actions": {
      "AlermNeon": {
        "throttle_period": "1h0m0s",
        "email": {
          "to": "[email protected]",            // mailbox that receives the alert
          "from": "[email protected]",          // sending mailbox (must match kibana.yml)
          "subject": "Sentinl Alarm",
          "priority": "high",
          "body": "Alerm of neon: {{payload.hits.total}} !"   // e-mail body
        }
      }
    }
  }
}

The // annotations are explanations only; strip them before saving, because the Raw editor expects plain JSON.
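The decision path this watcher follows (search body, condition, throttle_period, e-mail template) can be dry-run locally before the watcher is saved. The Python script below is an added example, not Sentinl's own code: it rebuilds the query body from the Raw JSON, evaluates the condition with a small comparison parser instead of Sentinl's script engine, applies throttle_period and renders the body template against a constructed Elasticsearch 6.x style response. SAMPLE_PAYLOAD, WATCHER and all function names are assumptions made for the example; the hits and timestamps in the payload are made up.

```python
"""
Dry-run of the Sentinl watcher above: build the search body, evaluate the
condition against an Elasticsearch response, honour throttle_period and
render the e-mail body. Added example with constructed data; not Sentinl code.
"""
import re

# The watcher fields that drive the decision, copied from the Raw JSON above.
WATCHER = {
    "query": "ERROR~",
    "window": "now-1h",
    "condition": "payload.hits.total>=1",
    "throttle_period": "1h0m0s",
    "body_template": "Alerm of neon: {{payload.hits.total}} !",
}

# Constructed Elasticsearch 6.x style response (hits.total is an integer there).
SAMPLE_PAYLOAD = {
    "took": 3,
    "hits": {
        "total": 3,
        "hits": [
            {"_source": {"@timestamp": "2018-07-10T08:01:12Z", "body": "ERROR db pool exhausted"}},
            {"_source": {"@timestamp": "2018-07-10T08:17:40Z", "body": "ERROR upstream timeout"}},
            {"_source": {"@timestamp": "2018-07-10T08:43:05Z", "body": "ERROR disk 97% full"}},
        ],
    },
}


def build_search_body(query, window):
    """Request body that input.search sends; same shape as the Raw JSON above."""
    return {
        "query": {
            "bool": {
                "must": [
                    {"query_string": {"fields": ["body^5", "_all"],
                                      "query": query, "use_dis_max": True}},
                    {"range": {"@timestamp": {"gte": window, "lte": "now",
                                              "format": "epoch_millis"}}},
                ],
                "must_not": [],
            }
        }
    }


_COND = re.compile(r"payload\.hits\.total\s*(>=|<=|==|>|<)\s*(\d+)")


def evaluate_condition(condition, payload):
    """Evaluate a 'payload.hits.total <op> N' condition without eval().

    Sentinl runs the condition as a script; this narrow parser only covers
    the comparison form used by the watcher above."""
    m = _COND.fullmatch(condition.strip())
    if not m:
        raise ValueError("unsupported condition: %r" % condition)
    op, n = m.group(1), int(m.group(2))
    total = payload["hits"]["total"]
    return {">=": total >= n, "<=": total <= n, "==": total == n,
            ">": total > n, "<": total < n}[op]


def parse_throttle(period):
    """Convert a throttle_period such as '1h0m0s' into seconds."""
    m = re.fullmatch(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?", period)
    if not period or m is None:
        raise ValueError("bad throttle_period: %r" % period)
    h, mi, s = (int(x or 0) for x in m.groups())
    return h * 3600 + mi * 60 + s


def render(template, payload):
    """Expand {{payload.a.b}} placeholders (the subset of mustache used above)."""
    def lookup(match):
        node = {"payload": payload}
        for key in match.group(1).split("."):
            node = node[key]
        return str(node)
    return re.sub(r"\{\{\s*([\w.]+)\s*\}\}", lookup, template)


def run_watcher(payload, now, last_fired=None, watcher=WATCHER):
    """One scheduled run. Returns (email body or None, time the action last fired)."""
    if not evaluate_condition(watcher["condition"], payload):
        return None, last_fired
    if last_fired is not None and now - last_fired < parse_throttle(watcher["throttle_period"]):
        return None, last_fired  # condition true, but the action is suppressed by throttle_period
    return render(watcher["body_template"], payload), now


if __name__ == "__main__":
    body, fired = run_watcher(SAMPLE_PAYLOAD, now=0)
    print("run 1:", body)                                                        # alert sent
    print("run 2:", run_watcher(SAMPLE_PAYLOAD, now=1800, last_fired=fired)[0])  # None, throttled
    print("run 3:", run_watcher(SAMPLE_PAYLOAD, now=3600, last_fired=fired)[0])  # alert sent again
```

Run 2 shows the interaction that is easy to miss when tuning: with a schedule of every 1 hours and a throttle_period of 1h0m0s, a second burst of ERROR lines inside the same hour produces no second mail, so shortening the schedule without also shortening the throttle changes nothing about how often you are notified.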


Reposted from www.cnblogs.com/libinblogs/p/9285877.html