参考文档:《elast alert》

假设报错的内容为:

ceph-rest-api service down

At least 1 events occurred between 2017-10-18 16:46 CST and 2017-10-18 17:46 CST

@timestamp: 2017-10-18T09:46:44.897Z

_id: AV8u4NMJlV0N0Gfm3nbE

_index: metricbeat-7.0.0-alpha1-2017.10.18

_type: doc

beat: {

    "hostname": "centos7gui",

    "name": "centos7gui",

    "version": "7.0.0-alpha1"

}

ceph: {

    "cluster_disk": {}

}

error: {

    "message": "error making http request: Get http://192.168.56.133:5000/api/v0.1/df: dial tcp 192.168.56.133:5000: getsockopt: no route to host"

}

metricset: {

    "host": "192.168.56.133:5000",

    "module": "ceph",

    "name": "cluster_disk",

    "rtt": 2022944

}

num_hits: 382

num_matches: 30

[config]

config.yaml

rules_folder: example_rules

run_every:

  minutes: 1

buffer_time:

  minutes: 15

es_host: 192.168.56.162

es_port: 9200

writeback_index: elastalert_status

alert_time_limit:

  days: 2

[email alert]

smtp_auth_file.yaml

user: "leiba726@163.com"

password: "xxxxxx"

my_rule.yaml

# Alert when the rate of events exceeds a threshold

# (Optional)

# Elasticsearch host

# es_host: elasticsearch.example.com

# (Optional)

# Elasticsearch port

# es_port: 14900

# (OptionaL) Connect with SSL to Elasticsearch

#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch

#es_username: someusername

#es_password: somepassword

# (Required)

# Rule name, must be unique

name: ceph-rest-api service down

# (Required)

# Type of alert.

# the frequency rule type alerts when num_events events occur with timeframe time

type: frequency

# (Required)

# Index to search, wildcard supported

index: metricbeat-*

# (Required, frequency specific)

# Alert when this many documents matching the query occur within a timeframe

num_events: 1

# (Required, frequency specific)

# num_events must occur within this amount of time to trigger an alert

timeframe:

  hours: 1

# (Required)

# A list of Elasticsearch filters used for find events

# These filters are joined with AND and nested in a filtered query

# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html

filter:

- query:

        query_string:

                query: 'error making http request'

# (Required)

# The alert is use when a match is found

smtp_host: smtp.163.com

smtp_port: 25

smtp_auth_file: smtp_auth_file.yaml

email_reply_to: leiba726@163.com

from_addr: leiba726@163.com

alert:

- "email"

# (required, email specific)

# a list of email addresses to send alerts to

email:

- "leiba726@163.com"

- "elaroff@163.com"

[command alert]

my_rule.yaml

# Alert when the rate of events exceeds a threshold

# (Optional)

# Elasticsearch host

# es_host: elasticsearch.example.com

# (Optional)

# Elasticsearch port

# es_port: 14900

# (OptionaL) Connect with SSL to Elasticsearch

#use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch

#es_username: someusername

#es_password: somepassword

# (Required)

# Rule name, must be unique

name: ceph-rest-api service down

# (Required)

# Type of alert.

# the frequency rule type alerts when num_events events occur with timeframe time

type: frequency

# (Required)

# Index to search, wildcard supported

index: metricbeat-*

# (Required, frequency specific)

# Alert when this many documents matching the query occur within a timeframe

num_events: 1

# (Required, frequency specific)

# num_events must occur within this amount of time to trigger an alert

timeframe:

  hours: 1

# (Required)

# A list of Elasticsearch filters used for find events

# These filters are joined with AND and nested in a filtered query

# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html

filter:

- query:

        query_string:

                query: 'error making http request'

# (Required)

# The alert is use when a match is found

smtp_host: smtp.163.com

smtp_port: 25

smtp_auth_file: smtp_auth_file.yaml

email_reply_to: leiba726@163.com

from_addr: leiba726@163.com

new_style_string_format: True

alert:

- "command"

# (required, email specific)

# a list of email addresses to send alerts to

command: ["/bin/bash", "/var/hello.sh", "{match[error]}"]

执行elast alert的命令为:

python -m elastalert.elastalert --verbose --rule example_rules/my_rule.yaml

elast alert的更多相关文章

  1. 使用webstorm+webpack构建简单入门级“HelloWorld”的应用&&引用jquery来实现alert

    使用webstorm+webpack构建简单入门级"HelloWorld"的应用&&构建使用jquery来实现 1.首先你自己把webstorm安装完成. 请参考这 ...

  2. 更改默认alert框体

    更改框体主要用到的是更改系统的内置控件winpop下面是winpop具体代码 (function(window, jQuery, undefined) { 2 3 var HTMLS = { 4 ov ...

  3. ios UIWebView自定义Alert风格的弹框

    之前开发过一个App,因为公司之前写好了网页版的内容和安卓版本的App,我进去后老板要求我ios直接用网页的内容,而不需要自己再搭建框架.我一听,偷笑了,这不就是一个UIWebView吗?简单! 但是 ...

  4. C# webBrowser控件禁用alert,confirm之类的弹窗解决方案

    同样的代码,我尝试了很多次都没有成功.最后终于成功了,是因为我没有在正确的事件里面调用这段代码. private void InjectAlertBlocker() { HtmlElement hea ...

  5. 【svn】SSL error: A TLS warning alert has been received的解决方法

    第一次用svn(>_<),结果在运行下面语句时,svn很不友好的报错了..... svn co http:10.11.12.13/test1/test2 . 报错信息: svn: OPTI ...

  6. 【疑难杂症系列01】TypeError: alert is not a function

    一.背景 话说今天在调试js的时候,碰到一个很奇怪的问题,现记录一下.当使用alert()函数弹出提示时,总是报错,你没看错,alert函数报错了. 二.详细说明 当时正在做一个关于告警的页面展示功能 ...

  7. React-native之Alert

    普通的alert 先看函数原型 alert: (title: string, message?: string, buttons?: AlertButton[], type?: string) =&g ...

  8. javaFx:使用弹出对话框 Alert

    javaFx8 自带的对话框非常好用,类似的使用方式如下: /** * 弹出一个通用的确定对话框 * @param p_header 对话框的信息标题 * @param p_message 对话框的信 ...

  9. JAVA_javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name

    tomcat访问https请求返回: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name at sun.se ...

随机推荐

  1. MXNet 中的 hybird_forward 的一个使用技巧

    from mxnet.gluon import nn from mxnet import nd class SliceLike(nn.HybridBlock): def __init__(self, ...

  2. 关于instanceof判断的条件

    //instanceof是判断左侧对象是不是右侧类的实例 package myPackage;     /**   * instanceof运算符用法   * 运算符是双目运算符,左面的操作元是一个对 ...

  3. 安装 jenkins

    1. 将jenkins.war包放在 tomcat  的 webapps 目录下即可 2 重启 tomcat 3. 通过浏览器访问 IP:8080/jenkins

  4. Redis简单延时队列

    Redis实现简单延队列, 利用zset有序的数据结构, score设置为延时的时间戳. 实现思路: 1.使用命令 [zrangebyscore keyName socreMin socreMax] ...

  5. 使用 IntraWeb (35) - TIWJQueryWidget

    可有可无的东西, 因为没有它也可以方便达成其目的, 使用它貌似更形象一些; 也可以通过它调用其他 js 库. 利用类似手段, 有人推出了 CGDevTools; 它主要是利用 JQuery 扩展而成, ...

  6. 使用Maven自动部署Java Web项目到Tomcat问题小记

    导读 首先说说自己为啥要用maven管理项目,一个直接的原因是:我在自己电脑上开发web项目,每次部署到服务器上时都要经历如下步骤: 首先在Eclipse里将项目打包成war包 将服务器上原来的项目文 ...

  7. Knockout.Js官网学习(Mapping高级用法二)

    使用ignore忽略不需要map的属性 如果在map的时候,你想忽略一些属性,你可以使用ignore累声明需要忽略的属性名称集合: " }; var mapping = { 'ignore' ...

  8. Go语言之高级篇beego框架之配置beego环境

    1.配置beego环境 进入部署目录中 软件部署目录: 把要部署的软件代码,放在src目录下面. 启动项目

  9. 使用three.js写全景图,使用sprite类canvas,结合射线,点击跳转指定全景图【转】

    https://blog.csdn.net/WDCCSDN/article/details/81214804 话不多说上代码: 1.html: <!DOCTYPE html>    < ...

  10. iOS开发-获取设备型号信息

    开发中有的时候查看设计统计数据,或者通过日志查看错误信息,这个时候我们就需要获取获取设备信息,看下关于设备有几种方法: NSLog(@"%@",[[UIDevice current ...