[Posted]: 2020-03-08 05:18:04
[Question]:
Need to create a watcher in Kibana that triggers every minute, searches for a specific log within the last minute, and accordingly captures it and sends an email.
[Question discussion]:
Tags: elasticsearch logging logstash kibana elastic-stack
Was able to create the following in an Advanced Watch:
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-1m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||epoch_millis"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0
      }
    }
  },
  "actions": {
    "email_action": {
      "email": {
        "profile": "standard",
        "attachments": {
          "attached_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "to": [
          "myemail@gmail.com"
        ],
        "subject": "Winlog Errors Encountered {{ctx.payload.hits.total}} logs",
        "body": {
          "text": "Too many logs in the system, see attached data"
        }
      }
    }
  }
}
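The watch above counts every document in every index for the last minute, because its only filter is the time range. The following Python script is an added example, not code from the question or from Elastic: it builds the same kind of watch body with an extra term clause so only the specific log the question mentions is counted, narrows the index pattern, uses `lt` for the upper bound so consecutive one-minute windows do not double-count a document timestamped exactly on the minute (Elasticsearch `gte`/`lte` are both inclusive), and mirrors the Painless condition in Python so the threshold logic can be checked offline. The index pattern `winlogbeat-*`, the field `event.code` with value `4625`, the recipient address and the cluster URL are assumptions for illustration; the `PUT _watcher/watch/<id>` endpoint is the real Watcher API but is not called when the script runs.

```python
"""Build and locally sanity-check a Kibana/Elasticsearch Watcher definition.

Added example (not from the original post).  Index pattern, field names,
recipient and cluster URL below are assumed values chosen for illustration.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed scheduled_time used by the demo and checks (assumed value).
EXAMPLE_RUN = datetime(2020, 3, 8, 5, 18, tzinfo=timezone.utc)


def build_watch(index_pattern, match_field, match_value, recipients,
                threshold=0, window="1m"):
    """Return a watch body: 1-minute trigger, last-`window` search, email action.

    Compared with the posted watch, bool.filter also carries a term clause so
    only the specific log line is counted, and the upper bound is `lt` rather
    than `lte` so adjacent minute windows tile time without overlapping.
    """
    return {
        "trigger": {"schedule": {"interval": "1m"}},
        "input": {"search": {"request": {
            "search_type": "query_then_fetch",
            "indices": [index_pattern],
            "rest_total_hits_as_int": True,
            "body": {
                "size": 0,
                "query": {"bool": {"filter": [
                    {"term": {match_field: match_value}},
                    {"range": {"@timestamp": {
                        "gte": "{{ctx.trigger.scheduled_time}}||-" + window,
                        "lt": "{{ctx.trigger.scheduled_time}}",
                        "format": "strict_date_optional_time||epoch_millis",
                    }}},
                ]}},
            },
        }}},
        "condition": {"script": {
            # hits.total is a plain integer because rest_total_hits_as_int is true
            "source": "return ctx.payload.hits.total > params.threshold;",
            "lang": "painless",
            "params": {"threshold": threshold},
        }},
        "actions": {"email_action": {"email": {
            "profile": "standard",
            "to": list(recipients),
            "subject": "Winlog Errors Encountered {{ctx.payload.hits.total}} logs",
            "body": {"text": "Too many logs in the system, see attached data"},
            "attachments": {"attached_data": {"data": {"format": "json"}}},
        }}},
    }


def condition_fires(watch, payload):
    """Python mirror of the Painless condition, for checking a sample payload offline."""
    threshold = watch["condition"]["script"]["params"]["threshold"]
    return payload["hits"]["total"] > threshold


def search_window(scheduled_time, minutes=1):
    """Concrete bounds that `scheduled_time||-1m` .. `scheduled_time` resolve to."""
    return scheduled_time - timedelta(minutes=minutes), scheduled_time


def windows_are_contiguous(first_run, runs=3):
    """With a 1m interval, each window must start exactly where the previous one ended."""
    bounds = [search_window(first_run + timedelta(minutes=i)) for i in range(runs)]
    return all(bounds[i][1] == bounds[i + 1][0] for i in range(runs - 1))


def put_watch(base_url, watch_id, watch, auth_header=None):
    """Register the watch via the Watcher API (PUT _watcher/watch/<id>).  Not run here."""
    from urllib import request
    headers = {"Content-Type": "application/json"}
    if auth_header:
        headers["Authorization"] = auth_header
    req = request.Request(f"{base_url}/_watcher/watch/{watch_id}",
                          data=json.dumps(watch).encode(), headers=headers, method="PUT")
    with request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    watch = build_watch("winlogbeat-*", "event.code", "4625", ["soc@example.com"])
    print(json.dumps(watch, indent=2))
    # Constructed payloads standing in for what the search input would return.
    print("fires on 3 hits:", condition_fires(watch, {"hits": {"total": 3}}))
    print("fires on 0 hits:", condition_fires(watch, {"hits": {"total": 0}}))
    print("windows tile cleanly:", windows_are_contiguous(EXAMPLE_RUN))
    # To install: put_watch("https://es.example.internal:9200", "winlog_errors", watch, "ApiKey ...")
```

One caveat the window arithmetic makes visible: the search is bounded by `scheduled_time`, so a document that is indexed after the watch runs but carries a `@timestamp` inside the window that has already been searched is never counted. If ingest lag is expected, shift both bounds back (for example `||-2m` to `||-1m`) rather than widening the window, which would re-count documents across runs.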
[Discussion]: