elk报警监控sentinl叮叮报警配置1.安装sentinl可以在线安装./kibana-plugininstallhttps://github.com/sirensolut...也可以离线安装./kibana-plugininstallfile:../../sentinl-v6.2.4.zip文件关键字不能省略[root@elk-181bin]#./kibana-plugininstallfile:/root/sentinl-v6.2.4.zipAttemptingtotransferfromfile:/root/sentinl-v6.2.4.zip正在传输130048021字节......传输完成正在从插件存档中检索元数据正在提取插件存档提取完成正在优化和缓存浏览器包......插件安装完成安装sentinl后,可能会关闭kibana。启动kibana2。配置sentinl1)。添加钉钉机器人2).添加一个Watchers点击new->点击watchers前面的“加号”复制下面的代码,记得选择enadle,然后选择save,下次可以直接在action中去input,change和save。{“actions”:{“test-dingding”:{“name”:“waring_error_log_push_dingding”,“throttle_period”:“0h1m0s”,“webhook”:{“priority”:“high”,“stateless”:false,“method":"POST","host":"oapi.dingtalk.com","端口":"443","path":"/robot/send?access_token=f4b53a0ea844f914xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","body":"{\"msgtype\":\"markdown\",\"markdown\":{\"title\":\"DEV_time.out\",\"text\":\"#Devwarning\\t\\n###Host|```\\n{{payload.hits.hits.0._index}}\\n```|\\t\\n###项目|```\\n{{payload.hits.hits.0._source.service}}\\n```|\\t\\n###最后一分钟出现次数|```\\n{{payload.hits.total}}\\n```|\\t\\n###告警内容:```\\n{{payload.hits.hits.0._source.message}}\\n```\\t\\n\"}}","params":{"watcher":"{{watcher.title}}","payload_count":"{{payload.hits.total}}"},"headers":{"Content-Type":"application/json"},"auth":"钉钉账号:钉钉Password","message":"BusinessFunctionAlert","use_https":true,"save_payload":false}}},"input":{"search":{"request":{"index":["applog-*"],"正文":{"查询":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"\"error\""}},{"range":{"@timestamp":{"gte":"now-1h","lte":"now","format":"epoch_millis"}}}],"must_not":[]}}}}}},"condition":{"script":{"script":"payload.hits.total>=1"}},"transform":{},"trigger":{"schedule":{"later":"every20minutes"}},"disable":true,"report":false,"title":"警告和错误日志推送到钉钉"}3.测试
