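Kibana has no log alerting or similar features by default. I originally thought of ElastAlert, a plugin written by Yelp, but I fiddled with its configuration file for ages and still couldn't figure it out. I saw that Kibana has the X-Pack feature, so let's try it out.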

Installation

kibana

./bin/kibana-plugin install x-pack

elasticsearch

./bin/elasticsearch-plugin install x-pack

Connecting

Address: <Kibana address>:5601
Account: elastic
Password: changeme

A look around

// Comes with a monitoring feature that shows latency and other information

// Note: it can only be used for 1 month

watcher

  • Check whether watcher is currently started

    [root@t228 ~]# curl "http://elastic:changeme@192.168.3.228:9200/_xpack/watcher/stats"
    {"watcher_state":"started","watch_count":0,"execution_thread_pool":{"queue_size":0,"max_size":0},"manually_stopped":false}[root@t228 ~]#
    
  • Add a watcher for errors

    [root@t228 ~]# curl -vX PUT http://elastic:changeme@192.168.3.228:9200/_xpack/watcher/watch/errors_in_logs -d @error.json \
        --header "Content-Type: application/json"
    * About to connect() to 192.168.3.228 port 9200 (#0)
    *   Trying 192.168.3.228... connected
    * Connected to 192.168.3.228 (192.168.3.228) port 9200 (#0)
    * Server auth using Basic with user 'elastic'
    > PUT /_xpack/watcher/watch/errors_in_logs HTTP/1.1
    > Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: 192.168.3.228:9200
    > Accept: */*
    > Content-Type: application/json
    > Content-Length: 258
    >
    < HTTP/1.1 201 Created
    < content-type: application/json; charset=UTF-8
    < content-length: 52
    <
    * Connection #0 to host 192.168.3.228 left intact
    * Closing connection #0
    {"_id":"errors_in_logs","_version":1,"created":true}[root@t228 ~]#

# file: error.json

{
  "trigger" : {
    "schedule" : { "interval" : "10s" } 
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : {
          "query" : {
            "match" : { "message": "error" }
          }
        }
      }
    }
  }
}
  • Check the current watchers again; the count is now 1.
    [root@t228 ~]# curl "http://elastic:changeme@192.168.3.228:9200/_xpack/watcher/stats"
    {"watcher_state":"started","watch_count":1,"execution_thread_pool":{"queue_size":0,"max_size":6},"manually_stopped":false}[root@t228 ~]#
    

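I can't go any further for now. Developers' and ops people's brains are both made of protein, yet the way they think really is different. Just give me email alerting and be done with it. Sigh, the docs are yet another pile of PUTs and POSTs, and then there's condition and whatnot; it's all a bit much.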
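The step the walkthrough stops short of, as an added example (not the author's or Elastic's code): the same `errors_in_logs` watch with a condition, a throttle and two actions, uploaded without putting the password in the URL. `ES_URL`, `ES_USER`, `ES_PASS`, the action names and the recipient address are assumptions, and the email action assumes an email account is already configured for Watcher in elasticsearch.yml.

```shell
# Added example: the page's error.json extended with condition, throttle and actions.
# ES_URL, ES_USER, ES_PASS, the action names and ops@example.com are placeholders.

# Write the complete watch definition to the file given as $1.
write_watch() {
  cat > "$1" <<'EOF'
{
  "trigger" : { "schedule" : { "interval" : "10s" } },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : { "query" : { "match" : { "message" : "error" } } }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
  },
  "throttle_period" : "5m",
  "actions" : {
    "log_error" : {
      "logging" : { "text" : "Found {{ctx.payload.hits.total}} errors in the logs" }
    },
    "mail_ops" : {
      "email" : {
        "to" : "ops@example.com",
        "subject" : "errors_in_logs: {{ctx.payload.hits.total}} hits",
        "body" : "The errors_in_logs watch matched {{ctx.payload.hits.total}} documents."
      }
    }
  }
}
EOF
}

# PUT the watch. The credentials reach curl as a config line on stdin (-K -),
# so they appear neither in the URL nor in the process list.
put_watch() {
  printf 'user = "%s:%s"\n' "$ES_USER" "$ES_PASS" |
    curl -sS -K - -X PUT "$ES_URL/_xpack/watcher/watch/errors_in_logs" \
      -H "Content-Type: application/json" -d @"$1"
}

# Only contact the cluster when ES_URL is set, e.g. http://192.168.3.228:9200
if [ -n "${ES_URL:-}" ]; then
  write_watch error.json && put_watch error.json
fi
```

With a 10s trigger, `throttle_period` is what keeps a persistent error from producing an email every ten seconds; the condition only fires the actions when the search returns at least one hit.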

References:

https://www.elastic.co/guide/en/x-pack/current/watch-log-data.html

Copyright © opschina.org 2017 with zzlyzq@gmail.com all rights reserved, powered by Gitbook. File last revised: 2017-07-11 11:32:48
