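SENTINL is an extension for Siren Investigate and Kibana that helps users monitor, notify and report on changes in data series, using standardized queries, programmable validators and a variety of configurable actions. As a standalone "watcher" tool, it can also generate reports in PNG or PDF format.
GitHub repository: https://github.com/sirensolutions/sentinl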
/opt/kibana/bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.2/sentinl-v6.2.2.zip
git clone https://github.com/sirensolutions/sentinl
cd sentinl
npm install
gulp package --version=6.2.2
/opt/kibana/bin/kibana-plugin install file:///`pwd`/target/gulp/sentinl.zip
# Remove the local plugin
/opt/kibana/bin/kibana-plugin remove sentinl
# Restart the server (optional)
/opt/kibana/bin/kibana-plugin restart
Edit /etc/kibana/kibana.yml and add the following:
sentinl:
  settings:
    email:
      active: true
      user: lznboy-123@163.com
      password: 123456
      host: smtp.163.com
      ssl: false
    report:
      active: true
Add a Watcher in Kibana. Configuration examples:
{
  "actions": {
    "Alerm": {
      "throttle_period": "1h0m0s",
      "email": {
        "to": "lznboy-123@163.com",
        "from": "lznboy-123@163.com",
        "subject": "业务系统告警",
        "priority": "high",
        "html": "系统程序错误告警: 一共发生{payload.hits.total} 次,请登录点击登录"
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": ["nlog*"],
        "body": {
          "query": {
            "bool": {
              "must": [
                { "query_string": { "analyze_wildcard": true, "query": "\"error\"" } },
                { "range": { "@timestamp": { "gte": "now-1h", "lte": "now", "format": "epoch_millis" } } }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": { "script": "payload.hits.total >= 5" },
  "trigger": { "schedule": { "later": "every 2 minutes" } },
  "disable": true,
  "report": false,
  "title": "nlog",
  "wizard": {},
  "save_payload": false,
  "spy": false,
  "impersonate": false
}

{
  "actions": {
    "Webhook_683bd385-86b3-46ba-8e1b-f89cccccbbec": {
      "name": "WatcherName",
      "throttle_period": "1m",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=ec5fe24b4a218f71bca667975850cbf3f2830b9bd2bd91f60ca07fab28a3d439",
        "body": "{\"msgtype\": \"text\",\"text\":{\"content\":\"业务功能告警\"}}",
        "params": {
          "watcher": "{watcher.title}",
          "payload_count": "{payload.hits.total}"
        },
        "headers": { "Content-Type": "application/json" },
        "auth": "钉钉账号名:密码",
        "message": "业务功能告警",
        "use_https": true
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": ["nlog*"],
        "body": {
          "query": {
            "bool": {
              "filter": {
                "range": { "@timestamp": { "gte": "now-15m/m", "lte": "now/m", "format": "epoch_millis" } }
              }
            }
          },
          "size": 0,
          "aggs": {
            "dateAgg": {
              "date_histogram": {
                "field": "@timestamp",
                "time_zone": "Europe/Amsterdam",
                "interval": "1m",
                "min_doc_count": 1
              }
            }
          }
        }
      }
    }
  },
  "condition": { "script": "payload.aggregations.dateAgg.buckets.some(b => b.doc_count >=5)" },
  "trigger": { "schedule": { "later": "every 1 minutes" } },
  "disable": true,
  "report": false,
  "title": "nlog_dingding",
  "wizard": {},
  "save_payload": false,
  "spy": false,
  "impersonate": false
}

With the steps above, the ELK platform is connected to the business system, and e-mail and DingTalk alerting are configured. SENTINL is flexible enough to be extended with more functionality as the business requires; further tuning of the configuration against the actual scenario is recommended.
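The two condition scripts from the watchers above do not fire on the same traffic, which matters when tuning alert noise. The following is an added example, not code from the original page or from the SENTINL project: it evaluates both scripts against constructed search responses. It assumes a condition is a JavaScript expression evaluated with `payload` in scope; `evaluateCondition`, `buildPayload`, `evaluateAll` and the scenarios are hypothetical names and data, and the same counts are fed to both scripts for comparison although the page's watchers query different time windows.

```javascript
// Added example, not SENTINL code. Condition strings are copied from the page.
const CONDITIONS = {
  nlog: 'payload.hits.total >= 5',
  nlog_dingding: 'payload.aggregations.dateAgg.buckets.some(b => b.doc_count >=5)',
};

// Assumption: a condition is a JavaScript expression with `payload` in scope.
// A script that throws is reported as "do not fire" together with the error,
// so a watcher that can never trigger is visible instead of silent.
function evaluateCondition(script, payload) {
  try {
    const fn = new Function('payload', `return (${script});`);
    return { fire: Boolean(fn(payload)), error: null };
  } catch (err) {
    return { fire: false, error: err.message };
  }
}

// Builds a constructed response from per-minute error counts, shaped like an
// Elasticsearch 6.x reply (numeric hits.total, date_histogram buckets).
function buildPayload(perMinuteCounts) {
  const buckets = perMinuteCounts
    .map((doc_count, i) => ({ key: i * 60000, doc_count }))
    .filter(b => b.doc_count >= 1); // mirrors "min_doc_count": 1
  const total = perMinuteCounts.reduce((a, b) => a + b, 0);
  return { hits: { total }, aggregations: { dateAgg: { buckets } } };
}

function evaluateAll(payload) {
  const out = {};
  for (const [title, script] of Object.entries(CONDITIONS)) {
    out[title] = evaluateCondition(script, payload);
  }
  return out;
}

// Constructed scenarios (sample data, not real logs).
const SCENARIOS = {
  spread: buildPayload([1, 1, 1, 1, 1, 0, 0]), // 5 errors, one per minute
  burst: buildPayload([0, 0, 6, 0, 0, 0, 0]),  // 6 errors inside one minute
  quiet: buildPayload([1, 0, 0, 2, 0, 0, 0]),  // 3 errors in total
  noAggs: { hits: { total: 9 } },              // response without aggregations
};

for (const [name, payload] of Object.entries(SCENARIOS)) {
  console.log(name, JSON.stringify(evaluateAll(payload)));
}
```

A slow trickle of errors triggers only the total-count watcher, while a response without the `dateAgg` aggregation makes the per-minute script throw rather than fire.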
Reposted from: http://rbxi.baihongyu.com/