kibana-sentinl插件監控報警
到github下載對應的版本的sentinl https://github.com/sirensolutions/sentinl/releases/
插件安裝,通過遠程安裝,或者下載到本地都行,下面兩種方式二選一
./bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.3-3/sentinl-v6.0.1.zip
./bin/kibana-plugin install file:./sentinl-v6.0.1.zip
配置郵箱賬戶：vim /etc/kibana/kibana.yml,將下面內容追加到配置文件(password 為明文存放,請確保該文件權限僅允許 kibana 運行用戶讀取,且不要將其提交到版本庫)
sentinl:
  settings:
    email:
      active: true
      user: xxx@163.com
      password: mima
      host: smtp.163.com
      ssl: true #根據實際情況添加
    report:
      active: true
打開kibana會發現多了一個菜單sentinl,點開后依次點擊new watcher,直接修改Raw中的內容,解析如下
{
"_index": "watcher",
"_type": "watch",
"_id": "new_watcher_bzd9kgjzi",
"_score": 1,
"_source": {
"title": "Alerm",
"disable": false,
"uuid": "new_watcher_bzd9kgjzi",
"trigger": {
"schedule": {
"later": "every 1 hours" //每1小時執行一次
}
},
"input": {
"search": {
"request": {
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"fields": [
"body^5",
"_all"
],
"query": "ERROR~", //限制報警源為包含ERROR的出錯日志
"use_dis_max": true
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h", //對最近1小時的日志進行檢測
"lte": "now",
"format": "epoch_millis"
}
}
}
],
"must_not": []
}
}
}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total>=1" //報警條件:ERROR出現的次數大於等於1(與>=1一致)
}
},
"transform": {
"script": {
"script": ""
}
},
"actions": {
"AlermNeon": {
"throttle_period": "1h0m0s",
"email": {
"to": "yyyg@163.com", //接收報警的郵箱
"from": "xxxx@163.com",//發送報警的郵箱(需與kibana.yml中配置的user一致)
"subject": "Sentinl Alarm",
"priority": "high",
"body": "Alerm of neon: {{payload.hits.total}} !" //郵件內容
}
}
}
}
}
