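1. Environment information
Hostname: test
Plugin installation directory: /data/kibana-6.5.3/
DingTalk robot: create a DingTalk robot, used to send alerts through a webhook
2. Installation and configuration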
cd /data/kibana-6.5.3/bin/
wget -c https://github.com/sirensolutions/sentinl/releases/download/tag-6.5.0-0/sentinl-v6.5.3.zip
./kibana-plugin install file:///data/kibana-6.5.3/bin/sentinl-v6.5.3.zip
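Kibana restarts automatically after the installation, which takes a fairly long time. If Kibana does not restart after the installation, restart it manually.
After the restart, a new "sentinl" entry appears in Kibana's left sidebar. Click it, then click "new" in the upper-right corner to create a new watcher.
Write the following configuration using the advanced mode provided (the access_token in "path" is the token of the robot's webhook; use the one from your own robot):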
{
  "actions": {
    "Webhook_20d1b660-2a35-11eb-8e23-ef8f4b244fbe": {
      "name": "error异常告警",
      "throttle_period": "1m",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=6c5b9b0775e51b62a9852c3327959863375297bc0595a9cf460de590dab90419",
        "body": "{\"msgtype\": \"text\", \"text\": {\"content\":\"项目:{{payload.hits.hits.0._index}}\n名称:日志ERROR告警 {{payload.hits.hits.0._source.source}}\n时间:{{payload.hits.hits.0._source.@timestamp}}\n环境:DEV\n信息: {{payload.hits.hits.0._source.mesg}}\ntimes: {{payload.hits.total}}\nthrowable: {{payload.hits.hits.0._source.throwable}}\"}}",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "message": "业务功能告警error",
        "use_https": true
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "error_level": "ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-5m",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >=1"
    }
  },
  "trigger": {
    "schedule": {
      "later": "every 5 minutes"
    }
  },
  "disable": false,
  "report": false,
  "title": "钉钉告警",
  "save_payload": false,
  "spy": true,
  "impersonate": false
}
3. Verification
Check that the logs are being sent through the DingTalk robot.
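An offline check that can be run before relying on the alert, added here as an example (not part of the original post or of Sentinl): it renders a shortened copy of the watcher's body template against a constructed payload and shows that a log field containing quotes or backslashes produces a body that no longer parses as JSON, unless the value is JSON-escaped first. Assumptions: field values are inserted as plain text, the receiver tolerates raw newlines inside strings, and all function names and sample values are made up for illustration.

```python
import json
import re

# Watcher body, shortened; its "\n" escapes are real newlines once the watcher JSON is parsed.
BODY_TEMPLATE = (
    '{"msgtype": "text", "text": {"content":"项目:{{payload.hits.hits.0._index}}\n'
    '信息: {{payload.hits.hits.0._source.mesg}}\n'
    'times: {{payload.hits.total}}\n'
    'throwable: {{payload.hits.hits.0._source.throwable}}"}}'
)

def lookup(context, dotted):
    """Resolve a dotted path such as payload.hits.hits.0._source.mesg."""
    node = context
    for key in dotted.split("."):
        node = node[int(key)] if isinstance(node, list) else node[key]
    return node

def render(template, payload):
    """Insert field values as plain text (assumed renderer behaviour)."""
    fill = lambda m: str(lookup({"payload": payload}, m.group(1)))
    return re.sub(r"\{\{\s*([^{}\s]+)\s*\}\}", fill, template)

def preview(template, payload):
    """Parse the rendered body; strict=False accepts its raw newlines."""
    try:
        doc = json.loads(render(template, payload), strict=False)
    except json.JSONDecodeError as exc:
        return False, str(exc)
    return True, doc["text"]["content"]

def escape_fields(value):
    """JSON-escape every string value so it is safe inside the quoted template."""
    if isinstance(value, dict):
        return {k: escape_fields(v) for k, v in value.items()}
    if isinstance(value, list):
        return [escape_fields(v) for v in value]
    return json.dumps(value, ensure_ascii=False)[1:-1] if isinstance(value, str) else value

def sample_payload(mesg, throwable):
    """Constructed search result with one hit, shaped like payload.hits."""
    hit = {"_index": "app-dev", "_source": {"mesg": mesg, "throwable": throwable}}
    return {"hits": {"total": 1, "hits": [hit]}}

if __name__ == "__main__":
    bad = sample_payload('cannot open "D:\\logs\\app.log"', "IOException\n\tat Demo.run")
    for p in (sample_payload("db timeout", "none"), bad, escape_fields(bad)):
        print(preview(BODY_TEMPLATE, p))
```

When the second case fails in a real deployment, the webhook request is malformed and the ERROR that should have raised the alert is the one that goes unreported, so test the watcher with a log line that contains quotes and a stack trace.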

Last modified: November 20, 2020
