elastalert docker安装

基于对elasticsearch中数据监控需要，我尝试了sentinl和elastalert两款工具。虽然elastalert是纯文本，但易配置管理。elk自带的watch需要付费才可使用。

6.2x版本以上，需要先运行elastalert server服务(docker),然后在能使用kibana plugin elastalert插件

docker 安装 elastalert

注：docker安装时需要注意，需要安装最新的docker 17.x版本，否则无法make镜像
issues

elastalert server

$ cd /usr/local/python3
$ git clone https://github.com/bitsensor/elastalert.git && cd elastalert
$ make build
Sending build context to Docker daemon 150.5 kB
Step 1/29 : FROM alpine:latest as py-ea
Error parsing reference: "alpine:latest as py-ea" is not a valid repository/tag: invalid reference format

###Dockerfile文件中给镜像取别名，将别名删除，在build

$ docker build -t elastalert 

镜像打完后：

$ docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
elastalert                      latest              36984000449d        7 days ago          281MB

###修改全局配置文件
$ vim config/config.json
{
  "appName": "elastalert-server",
  "port": 3030,
  "wsport": 3333,
  "elastalertPath": "/opt/elastalert",
  "verbose": false,
  "es_debug": false,
  "debug": false,
  "rulesPath": {    #规则配置文件存放目录
    "relative": true,
    "path": "/rules"
  },
  "templatesPath": {
    "relative": true,
    "path": "/rule_templates"
  },
  "es_host": "192.168.20.5",    #es host
  "es_port": 9200,
  "writeback_index": "elastalert_status"
}

$ grep "^[^#]" config/elastalert.yaml 
es_host: 192.168.20.5
es_port: 9200
rules_folder: rules   #配置文件目录
run_every:            #全局配置，多久执行一次配置文件
  seconds: 30
buffer_time:          #全局配置
  minutes: 1
writeback_index: elastalert_status   #查询匹配到的信息存放的索引名称
alert_time_limit:
  days: 2

启动服务：

$ docker run -d -p 3030:3030  
   -v /usr/local/python3/elastalert/config/elastalert.yaml:/opt/elastalert/config.yaml   
   -v /usr/local/python3/elastalert/config/config.json:/opt/elastalert-server/config/config.json 
   -v /usr/local/python3/elastalert/rules:/opt/elastalert/rules  
   -v /usr/local/python3/elastalert/rule_templates:/opt/elastalert/rule_templates 
   -v /usr/local/python3/elastalert/server_data:/opt/elastalert/server_data 
   -v /usr/local/python3/elastalert/logs:/opt/logs 
   --net=host --name elastalert elastalert:latest

安装kibana elastalert plugins

下载地址

kibana install:

$ /usr/local/pkg/kibana/bin/kibana-plugin install file:///usr/local/pkg/sentinl-v6.5.2.zip