http://elastalert.readthedocs.io/en/latest/running_elastalert.html#tutorial

I've been wondering lately whether the ELK stack also offers keyword-based alerting on logs, and searching turned up this project. Judging by its configuration it supports keyword settings, so I'm bookmarking it for now.

```yaml
# From example_rules/example_frequency.yaml
es_host: elasticsearch.example.com
es_port: 14900
name: Example rule
type: frequency
index: logstash-*
num_events: 50
timeframe:
    hours: 4
filter:
- term:
    some_field: "some_value"
alert:
- "email"
email:
- "elastalert@example.com"
```
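To make the semantics of the rule above concrete, here is an added example (not ElastAlert's own code and not from the original page) that evaluates a `frequency` rule with a `term` filter over constructed sample documents; the rule dictionary mirrors the YAML but uses `num_events: 3` so the small sample can trigger it.

```python
from datetime import datetime, timedelta

# Constructed rule mirroring example_frequency.yaml; num_events lowered
# from 50 to 3 so the handful of constructed documents below can fire it.
RULE = {
    "num_events": 3,
    "timeframe": timedelta(hours=4),
    "filter": [{"term": {"some_field": "some_value"}}],
}

# Constructed sample documents standing in for hits from logstash-*.
SAMPLE_DOCS = [
    {"@timestamp": "2017-07-11T08:00:00", "some_field": "some_value"},
    {"@timestamp": "2017-07-11T09:00:00", "some_field": "other"},       # filtered out
    {"@timestamp": "2017-07-11T10:30:00", "some_field": "some_value"},
    {"@timestamp": "2017-07-11T13:00:00", "some_field": "some_value"},  # 5h after the first
    {"@timestamp": "2017-07-11T14:00:00", "some_field": "some_value"},  # 3 hits within 4h
]


def matches_filter(doc, filters):
    """True if the doc satisfies every term clause (the filter list is ANDed)."""
    for clause in filters:
        for field, value in clause.get("term", {}).items():
            if doc.get(field) != value:
                return False
    return True


def evaluate_frequency_rule(docs, rule):
    """Return the timestamps at which the frequency rule would fire.

    Keeps a sliding window of matching events younger than `timeframe`;
    fires when the window reaches num_events, then clears it so one
    burst produces one alert.
    """
    window, alerts = [], []
    for doc in sorted(docs, key=lambda d: d["@timestamp"]):
        if not matches_filter(doc, rule["filter"]):
            continue
        ts = datetime.fromisoformat(doc["@timestamp"])
        window.append(ts)
        # Drop matches that have aged out of the timeframe.
        window = [t for t in window if ts - t < rule["timeframe"]]
        if len(window) >= rule["num_events"]:
            alerts.append(ts)
            window.clear()
    return alerts
```

With the sample data the 08:00 hit has aged out by 13:00, so the rule fires only at 14:00, when the 10:30, 13:00 and 14:00 matches fall inside one four-hour window.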
Copyright © opschina.org 2017 with zzlyzq@gmail.com, all rights reserved, powered by Gitbook. File last revised: 2017-07-11 11:32:48
