Installing and using ElastAlert, the open-source alerting module for ELK

ElastAlert

Installation

Installing ElastAlert on CentOS

# Install pip
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py

# Install setuptools
pip install "setuptools>=11.3"

# Install gcc
yum install gcc -y

# Install python-devel
yum -y install python-devel

# Remove the rpm python-requests-2.6.0-1.el7_1.noarch
# rpm -e python-requests-2.6.0-1.el7_1.noarch complains that other packages depend on it;
# the command below removes it together with its dependants
yum remove python-requests-2.6.0-1.el7_1.noarch

# Remove the rpm PyYAML-3.10-11.el7.x86_64
yum remove PyYAML-3.10-11.el7.x86_64

# Install elastalert
# Do not install it this way: pip install elastalert
git clone https://github.com/Yelp/elastalert.git
# setup.py lives inside the clone; the subshell returns you to the parent directory afterwards
(cd elastalert && python setup.py install)


# elastalert also writes its own status log to Elasticsearch, so create the corresponding index first
[root@elasticsearch ~]# elastalert-create-index
Enter Elasticsearch host: localhost
Enter Elasticsearch port: 9200
Use SSL? t/f: f
Enter optional basic-auth username (or leave blank):
Enter optional basic-auth password (or leave blank):
Enter optional Elasticsearch URL prefix (prepends a string to the URL of every request):
New index name? (Default elastalert_status)
New alias name? (Default elastalert_alerts)
Name of existing index to copy? (Default None)
Elastic Version: 7.4.1
Reading Elastic 6 index mappings:
Reading index mapping 'es_mappings/6/silence.json'
Reading index mapping 'es_mappings/6/elastalert_status.json'
Reading index mapping 'es_mappings/6/elastalert.json'
Reading index mapping 'es_mappings/6/past_elastalert.json'
Reading index mapping 'es_mappings/6/elastalert_error.json'
Deleting index elastalert_status_status.
Deleting index elastalert_status_error.
New index elastalert_status created
Done!

# Before starting, do a minimal configuration of elastalert/config.yaml.example
# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: localhost

# The Elasticsearch port
es_port: 9200

# host and port can also be set in the rule file; the rule then targets the cluster given by the host/port in that rule
[root@elasticsearch elastalert]# cat example_rules/example_frequency.yaml
# fluentd stores the event time in Elasticsearch in the field "timestamp"; ElastAlert's default is '@timestamp'
timestamp_field: timestamp

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com
es_host: localhost

# (Optional)
# Elasticsearch port
es_port: 9200
...
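To see why timestamp_field matters, here is a small Python re-implementation of what a frequency rule does with the documents it queries. This is an added example, not ElastAlert's own code: the rule keys (timestamp_field, num_events, timeframe, filter) use the names found in ElastAlert rule files, the sample events are constructed inline to look like fluentd-shipped documents, and the filter support (only "term" clauses) and the window-clearing after a match are simplifications assumed here. Running it with the default '@timestamp' instead of 'timestamp' reproduces the "0 / 0 hits" you would otherwise see in the ElastAlert log.

```python
"""Simplified re-implementation of ElastAlert's frequency-rule semantics.

Added example, not ElastAlert's own code. Rule keys (timestamp_field,
num_events, timeframe, filter) use the names found in ElastAlert rule
files, but the evaluation below is a deliberate simplification:
filters support only {"term": {field: value}} (an assumption), and the
event window is cleared after each match.
"""
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample documents, shaped like what a fluentd pipeline indexes:
# the time field is "timestamp", not Elasticsearch's customary "@timestamp".
SAMPLE_EVENTS = [
    {"timestamp": "2019-11-12T00:06:10Z", "event": "login_failed", "user": "root"},
    {"timestamp": "2019-11-12T00:06:40Z", "event": "login_failed", "user": "root"},
    {"timestamp": "2019-11-12T00:07:05Z", "event": "login_ok",     "user": "alice"},
    {"timestamp": "2019-11-12T00:07:30Z", "event": "login_failed", "user": "root"},
    {"timestamp": "2019-11-12T00:20:00Z", "event": "login_failed", "user": "root"},
]

# Hypothetical rule: three or more failed logins within five minutes.
FAILED_LOGIN_RULE = {
    "name": "Repeated failed logins",
    "type": "frequency",
    "timestamp_field": "timestamp",      # must match what the shipper writes
    "num_events": 3,
    "timeframe": {"minutes": 5},
    "filter": [{"term": {"event": "login_failed"}}],
}


def matches_filter(event, filters):
    """True when every term filter equals the event's field value."""
    for f in filters:
        for field, value in f.get("term", {}).items():
            if event.get(field) != value:
                return False
    return True


def collect_hits(rule, events):
    """Sorted timestamps of events that carry the rule's timestamp field
    and pass its filter. Events without the field are dropped, which is
    exactly the "0 / 0 hits" symptom of a wrong timestamp_field."""
    ts_field = rule.get("timestamp_field", "@timestamp")
    hits = [
        datetime.strptime(ev[ts_field], TS_FORMAT)
        for ev in events
        if ts_field in ev and matches_filter(ev, rule.get("filter", []))
    ]
    return sorted(hits)


def count_hits(rule, events):
    """Number of query hits the rule would see for these events."""
    return len(collect_hits(rule, events))


def run_frequency_rule(rule, events):
    """Slide a window of length `timeframe` over the hits; emit a match
    whenever at least `num_events` hits fall inside it, then clear it."""
    timeframe = timedelta(**rule["timeframe"])
    num_events = rule["num_events"]
    window, matches = [], []
    for t in collect_hits(rule, events):
        window.append(t)
        while window and t - window[0] > timeframe:   # expire old hits
            window.pop(0)
        if len(window) >= num_events:
            matches.append({"at": t.strftime(TS_FORMAT), "count": len(window)})
            window = []
    return matches


if __name__ == "__main__":
    print(run_frequency_rule(FAILED_LOGIN_RULE, SAMPLE_EVENTS))
    misconfigured = dict(FAILED_LOGIN_RULE, timestamp_field="@timestamp")
    print(count_hits(misconfigured, SAMPLE_EVENTS))  # 0: the field never matches
```

With the correct field the three failures at 00:06:10, 00:06:40 and 00:07:30 fall inside one five-minute window and produce a single match; the later failure at 00:20:00 starts a fresh window and alone never reaches num_events. Switching timestamp_field back to the default drops every document before the rule logic even runs, which is the silent failure mode worth checking for whenever a rule reports zero hits against an index you know is busy.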

# Start ElastAlert
[root@elasticsearch ~]# elastalert --config elastalert/config.yaml.example --verbose --rule elastalert/example_rules/example_frequency.yaml
1 rules loaded
INFO:elastalert:Starting up
INFO:elastalert:Disabled rules are: []
INFO:elastalert:Sleeping for 59.999895 seconds
INFO:elastalert:Queried rule Example frequency rule from 2019-11-12 00:06 PST to 2019-11-12 00:11 PST: 0 / 0 hits
INFO:elastalert:Ran Example frequency rule from 2019-11-12 00:06 PST to 2019-11-12 00:11 PST: 0 query hits (0 already seen), 0 matches, 0 alerts sent
INFO:elastalert:Background configuration change check run at 2019-11-12 00:12 PST
INFO:elastalert:Background alerts thread 0 pending alerts sent at 2019-11-12 00:12 PST
INFO:elastalert:Disabled rules are: []
INFO:elastalert:Sleeping for 59.999777 seconds
INFO:elastalert:Queried rule Example frequency rule from 2019-11-12 00:06 PST to 2019-11-12 00:12 PST: 0 / 0 hits
INFO:elastalert:Ran Example frequency rule from 2019-11-12 00:06 PST to 2019-11-12 00:12 PST: 0 query hits (0 already seen), 0 matches, 0 alerts sent

Reference:

Running ElastAlert for the First Time (ElastAlert documentation on Read the Docs)
