  • kibana-sentinl: monitoring and alerting

    Install the Sentinl plugin in Kibana

    ./bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.3-2/sentinl-v6.2.3.zip  # download the plugin build that matches your Kibana version

    Restart Kibana

    Add the sender mailbox

    vim /etc/kibana/kibana.yml

    sentinl:
      settings:
        email:
          active: true
          user: xxx@163.com
          password: mima
          host: smtp.163.com
          ssl: true   # add as appropriate for your environment
        report:
          active: true

    Add the alert rule:

    {  
      "_index": "watcher",  
      "_type": "watch",  
      "_id": "new_watcher_bzd9kgjzi",  
      "_score": 1,  
      "_source": {  
        "title": "Alerm",  
        "disable": false,  
        "uuid": "new_watcher_bzd9kgjzi",  
        "trigger": {  
          "schedule": {  
            "later": "every 1 hours"  // run every 1 hour
          }  
        },  
        "input": {  
          "search": {  
            "request": {  
              "body": {  
                "query": {  
                  "bool": {  
                    "must": [  
                      {  
                        "query_string": {  
                          "fields": [  
                            "body^5",  
                            "_all"  
                          ],  
                          "query": "ERROR~",  // restrict the alert source to logs containing ERROR
                          "use_dis_max": true  
                        }  
                      },  
                      {  
                        "range": {  
                          "@timestamp": {  
                            "gte": "now-1h",  // check logs from the last 1 hour
                            "lte": "now",  
                            "format": "epoch_millis"  
                          }  
                        }  
                      }  
                    ],  
                    "must_not": []  
                  }  
                }  
              }  
            }  
          }  
        },  
        "condition": {  
          "script": {  
            "script": "payload.hits.total>=1"  // alert when ERROR appears at least once
          }  
        },  
        "transform": {  
          "script": {  
            "script": ""  
          }  
        },  
        "actions": {  
          "AlermNeon": {  
            "throttle_period": "1h0m0s",  
            "email": {  
              "to": "yyyg@163.com",  // mailbox that receives the alerts
              "from": "xxxx@163.com",  // mailbox that sends the alerts (must match the kibana.yml configuration)
              "subject": "Sentinl Alarm",  
              "priority": "high",  
              "body": "Alerm of neon: {{payload.hits.total}} !"  // email body
            }  
          }  
        }  
      }  
    }  

    Check the Kibana log for errors: tail -f /var/log/kibana/kibana.stdout
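
Added example (not from the original post or the Sentinl project): a Python check that the watcher's schedule, look-back window and throttle agree, and that the email `from` matches the kibana.yml user. The function names, the reduced `sample_watcher` and the supported "every N unit" schedule form are assumptions.

```python
import re
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def schedule_seconds(text):
    # Assumption: only the simple "every N <unit>" form used by the watcher above.
    m = re.fullmatch(r"every (\d+) (sec|min|hour|day)[a-z]*", text.strip())
    if not m:
        raise ValueError(f"unsupported schedule: {text!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)[0]]

def lookback_seconds(gte):
    m = re.fullmatch(r"now-(\d+)([smhd])", gte)  # date math such as "now-1h"
    if not m:
        raise ValueError(f"unsupported range bound: {gte!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def throttle_seconds(text):
    # Throttle strings such as "1h0m0s".
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([hms])", text))

def lint_watcher(source, smtp_user):
    """Return findings for a watcher `_source` dict; an empty list means consistent."""
    findings = []
    every = schedule_seconds(source["trigger"]["schedule"]["later"])
    must = source["input"]["search"]["request"]["body"]["query"]["bool"]["must"]
    for clause in must:
        window = clause.get("range", {}).get("@timestamp")
        back = lookback_seconds(window["gte"]) if window else every
        if back != every:
            kind = "gap" if back < every else "overlap"
            findings.append(f"{kind}: looks back {back}s but runs every {every}s")
    for name, action in source["actions"].items():
        if throttle_seconds(action.get("throttle_period", "")) > every:
            findings.append(f"{name}: throttle exceeds schedule, some runs stay silent")
        sender = action.get("email", {}).get("from")
        if sender and sender != smtp_user:
            findings.append(f"{name}: from {sender!r} differs from user {smtp_user!r}")
    return findings

def sample_watcher(gte="now-1h", sender="xxx@163.com"):
    # Constructed sample: the page's watcher reduced to the fields checked here.
    must = [{"query_string": {"query": "ERROR~"}},
            {"range": {"@timestamp": {"gte": gte, "lte": "now"}}}]
    return {
        "trigger": {"schedule": {"later": "every 1 hours"}},
        "input": {"search": {"request": {"body": {"query": {"bool": {"must": must}}}}}},
        "actions": {"AlermNeon": {"throttle_period": "1h0m0s",
                                   "email": {"from": sender, "to": "yyyg@163.com"}}},
    }
```

A "gap" finding means log entries written between two runs are never evaluated by the watcher; an "overlap" means the same entries are counted in more than one run.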

     Reference links:

     https://blog.csdn.net/whg18526080015/article/details/73812400

     http://blog.51cto.com/10546390/2051676 

  • Original article: https://www.cnblogs.com/cp-miao/p/8876547.html