kibana-sentinl-監控報警

kibana 安裝 sentin 插件

./bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.3-2/sentinl-v6.2.3.zip  # 根據實際狀況下載對應kibana版本的插件

重啓kibana

 

添加發件郵箱

vim /etc/kibana/kibana.yml

sentinl:
  settings:
    email:
      active: true
      user: xxx@163.com
      password: mima
      host: smtp.163.com
      ssl: true   #根據實際狀況添加
    report:
      active: true

 

添加報警規則：

 

 

 

{  
  "_index": "watcher",  
  "_type": "watch",  
  "_id": "new_watcher_bzd9kgjzi",  
  "_score": 1,  
  "_source": {  
    "title": "Alerm",  
    "disable": false,  
    "uuid": "new_watcher_bzd9kgjzi",  
    "trigger": {  
      "schedule": {  
        "later": "every 1 hours"  //執行時間爲1小時  
      }  
    },  
    "input": {  
      "search": {  
        "request": {  
          "body": {  
            "query": {  
              "bool": {  
                "must": [  
                  {  
                    "query_string": {  
                      "fields": [  
                        "body^5",  
                        "_all"  
                      ],  
                      "query": "ERROR~",  //限制報警源爲出錯ERROR的日誌  
                      "use_dis_max": true  
                    }  
                  },  
                  {  
                    "range": {  
                      "@timestamp": {  
                        "gte": "now-1h",  //對進1小時的日誌進行檢測  
                        "lte": "now",  
                        "format": "epoch_millis"  
                      }  
                    }  
                  }  
                ],  
                "must_not": []  
              }  
            }  
          }  
        }  
      }  
    },  
    "condition": {  
      "script": {  
        "script": "payload.hits.total>=1"  //當報警條件爲ERROR出現的次數大於1  
      }  
    },  
    "transform": {  
      "script": {  
        "script": ""  
      }  
    },  
    "actions": {  
      "AlermNeon": {  
        "throttle_period": "1h0m0s",  
        "email": {  
          "to": "yyyg@163.com",  //接收報警的郵箱  
          "from": "xxxx@163.com",//發送報警的郵箱（與kibana.yml配置中一致）  
          "subject": "Sentinl Alarm",  
          "priority": "high",  
          "body": "Alerm of neon: {{payload.hits.total}} !"  //郵件內容  
        }  
      }  
    }  
  }  
}  

查看kibana 日誌，看有沒有異常報錯： tail -f /var/log/kibana/kibana.stdout

 參考連接：

　https://blog.csdn.net/whg18526080015/article/details/73812400

　http://blog.51cto.com/10546390/2051676