【Question title】: Email log monitoring using Watcher and Kibana to trigger every minute for duration last minute
【Posted】: 2020-03-08 05:18:04
【Question description】:

Need to create a watcher in Kibana that triggers every minute, searches for specific logs in the last minute, and sends an email accordingly.

【Question discussion】:

    Tags: elasticsearch logging logstash kibana elastic-stack


    【Solution 1】:

    Was able to create the following in an advanced watch:

    {
      "trigger": {
        "schedule": {
          "interval": "1m"
        }
      },
      "input": {
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              "*"
            ],
            "rest_total_hits_as_int": true,
            "body": {
              "size": 0,
              "query": {
                "bool": {
                  "filter": {
                    "range": {
                      "@timestamp": {
                        "gte": "{{ctx.trigger.scheduled_time}}||-1m",
                        "lte": "{{ctx.trigger.scheduled_time}}",
                        "format": "strict_date_optional_time||epoch_millis"
                      }
                    }
                  }
                }
              }
            }
          }
        }
      },
      "condition": {
        "script": {
          "source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
          "lang": "painless",
          "params": {
            "threshold": 0
          }
        }
      },
      "actions": {
        "email_action": {
          "email": {
            "profile": "standard",
            "attachments": {
              "attached_data": {
                "data": {
                  "format": "json"
                }
              }
            },
            "to": [
              "myemail@gmail.com"
            ],
            "subject": "Winlog Errors Encountered {{ctx.payload.hits.total}} logs",
            "body": {
              "text": "Too many logs in the system, see attached data"
            }
          }
        }
      }
    }
    

    【Discussion】:
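
Added example, not part of the original answer: a small Python check over a watch definition that compares the trigger interval with the search look-back (a shorter look-back leaves gaps, a longer one re-counts events) and flags an all-index search. `lint_watch`, its finding codes and the embedded sample are assumptions made for illustration; only the s, m, h and d units are handled.

```python
import json
import re

# Constructed sample: trigger and search input shaped like the watch above.
SAMPLE_WATCH = json.loads("""
{"trigger": {"schedule": {"interval": "1m"}},
 "input": {"search": {"request": {"indices": ["*"], "body": {"size": 0,
   "query": {"bool": {"filter": {"range": {"@timestamp": {
     "gte": "{{ctx.trigger.scheduled_time}}||-1m",
     "lte": "{{ctx.trigger.scheduled_time}}"}}}}}}}}}}
""")

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def to_seconds(span):
    """Convert a span such as '1m' or '30s' to seconds (s, m, h, d only)."""
    match = re.fullmatch(r"(\d+)([smhd])", span)
    if match is None:
        raise ValueError(f"unsupported time span: {span!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]

def find_range(node):
    """Return the first 'range' clause found anywhere in a query body."""
    if isinstance(node, dict):
        if "range" in node:
            return node["range"]
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        found = find_range(child)
        if found is not None:
            return found

def lint_watch(watch):
    """Return {finding_code: explanation} for a search-input watch."""
    findings = {}
    interval = to_seconds(watch["trigger"]["schedule"]["interval"])
    request = watch["input"]["search"]["request"]
    bounds = next(iter((find_range(request.get("body", {})) or {}).values()), {})
    lower = re.search(r"\|\|-(\d+[smhd])$", str(bounds.get("gte", bounds.get("gt", ""))))
    if lower is None:
        findings["no-relative-window"] = "no lower bound relative to trigger time"
    elif to_seconds(lower.group(1)) < interval:
        findings["gap"] = "look-back shorter than interval: events are missed"
    elif to_seconds(lower.group(1)) > interval:
        findings["overlap"] = "look-back longer than interval: events re-counted"
    if "gte" in bounds and "lte" in bounds:
        findings["inclusive-edges"] = "boundary event matches two consecutive runs"
    if any(name in ("*", "_all") for name in request.get("indices", [])):
        findings["wildcard-indices"] = "searches every index the watch can read"
    return findings
```

Run against the sample, the look-back matches the interval, so only the inclusive bounds and the `*` index pattern are reported.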
