  • Monitoring and alerting with the Kibana Sentinl plugin

    Download the matching version of Sentinl from GitHub: https://github.com/sirensolutions/sentinl/releases/

    Install the plugin, either directly from the remote URL or from a locally downloaded file. Use one of the two commands below:

      ./bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.3-3/sentinl-v6.0.1.zip
      
      ./bin/kibana-plugin install file:./sentinl-v6.0.1.zip
    

      

    Configure the email account: open the file with vim /etc/kibana/kibana.yml and append the following to it

    sentinl:
      settings:
        email:
          active: true
          user: xxx@163.com
          password: mima
          host: smtp.163.com
          ssl: true   # add as appropriate for your setup
        report:
          active: true
    

      

    Open Kibana and you will see a new menu item, Sentinl. Open it, click New watcher, and edit the Raw document directly. It is explained below:

    {  
      "_index": "watcher",  
      "_type": "watch",  
      "_id": "new_watcher_bzd9kgjzi",  
      "_score": 1,  
      "_source": {  
        "title": "Alerm",  
        "disable": false,  
        "uuid": "new_watcher_bzd9kgjzi",  
        "trigger": {  
          "schedule": {  
            "later": "every 1 hours"  // run every 1 hour  
          }  
        },  
        "input": {  
          "search": {  
            "request": {  
              "body": {  
                "query": {  
                  "bool": {  
                    "must": [  
                      {  
                        "query_string": {  
                          "fields": [  
                            "body^5",  
                            "_all"  
                          ],  
                          "query": "ERROR~",  // restrict the alert source to logs containing ERROR  
                          "use_dis_max": true  
                        }  
                      },  
                      {  
                        "range": {  
                          "@timestamp": {  
                            "gte": "now-1h",  // check the logs from the last 1 hour  
                            "lte": "now",  
                            "format": "epoch_millis"  
                          }  
                        }  
                      }  
                    ],  
                    "must_not": []  
                  }  
                }  
              }  
            }  
          }  
        },  
        "condition": {  
          "script": {  
            "script": "payload.hits.total>=1"  // alert condition: ERROR appears at least once  
          }  
        },  
        "transform": {  
          "script": {  
            "script": ""  
          }  
        },  
        "actions": {  
          "AlermNeon": {  
            "throttle_period": "1h0m0s",  
            "email": {  
              "to": "yyyg@163.com",  // mailbox that receives the alert  
              "from": "xxxx@163.com",// mailbox that sends the alert (same as in the kibana.yml configuration)  
              "subject": "Sentinl Alarm",  
              "priority": "high",  
              "body": "Alerm of neon: {{payload.hits.total}} !"  // email body  
            }  
          }  
        }  
      }  
    }  
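
The watcher above only sees every ERROR if its look-back window (`now-1h`) is at least as long as its schedule (`every 1 hours`), and it only mails every match if the action's `throttle_period` does not exceed that schedule. The Python check below is an added example, not code from the original post or from Sentinl; it assumes the simple `every N unit` schedule form and the field layout shown above, and `check_watcher`, `strip_comments` and `seconds` are hypothetical helper names.

```python
import json
import re

# Constructed sample: a trimmed copy of the annotated watcher from this post.
ANNOTATED = r'''
{
  "_source": {
    "trigger": {"schedule": {"later": "every 1 hours"}},  // run interval
    "input": {"search": {"request": {"body": {"query": {"bool": {"must": [
      {"query_string": {"query": "ERROR~"}},
      {"range": {"@timestamp": {"gte": "now-1h", "lte": "now"}}}  // look-back
    ]}}}}}},
    "actions": {"AlermNeon": {"throttle_period": "1h0m0s"}}
  }
}
'''

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def strip_comments(text):
    """Remove // comments, leaving any // inside JSON strings untouched."""
    token = r'"(?:\\.|[^"\\])*"|//[^\n]*'
    return re.sub(token, lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def seconds(expr):
    """Sum each <number><unit> pair: 'every 1 hours', 'now-1h', '1h0m0s' -> 3600."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)\s*([smhd])", expr))

def check_watcher(annotated):
    """Return findings where schedule, look-back and throttle disagree."""
    src = json.loads(strip_comments(annotated))["_source"]
    interval = seconds(src["trigger"]["schedule"]["later"])
    must = src["input"]["search"]["request"]["body"]["query"]["bool"]["must"]
    window = next(seconds(c["range"]["@timestamp"]["gte"]) for c in must if "range" in c)
    findings = []
    if window < interval:
        findings.append(f"gap: look-back {window}s < schedule {interval}s")
    for name, action in src["actions"].items():
        throttle = seconds(action.get("throttle_period", "0s"))
        if throttle > interval:
            findings.append(f"{name}: throttle {throttle}s > schedule {interval}s")
    return findings

if __name__ == "__main__":
    print(check_watcher(ANNOTATED) or "schedule, look-back and throttle agree")
```

An empty result means log lines are neither skipped between runs nor silently dropped by throttling; the `//` annotations have to be stripped in the same way before the document is pasted into the Raw editor as JSON.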
    

      

  • Original article: https://www.cnblogs.com/libinblogs/p/9285877.html