update elastalert
This commit is contained in:
parent
9fc9538617
commit
dcf5a2295e
@ -8,16 +8,18 @@ patterns of interest from data in Elasticsearch.
|
||||
|
||||
```bash
|
||||
$ docker-compose run --rm elastalert sh
|
||||
>>> curl -X DELETE http://elasticsearch:9200/elastalert_*
|
||||
>>> elastalert-create-index --config config.yaml
|
||||
>>> elastalert-test-rule --config config.yaml rules/example.yaml
|
||||
>>> elastalert-test-rule --config config.yaml --alert rules/example.yaml
|
||||
>>> exit
|
||||
|
||||
$ docker-compose up -d
|
||||
|
||||
$ docker-compose logs -tf
|
||||
elastalert_1 | 2019-10-30T10:33:31.960452334Z bad things happend
|
||||
elastalert_1 | 2019-10-30T10:42:27.952772739Z bad things happend
|
||||
elastalert_1 | 2019-10-30T10:50:22.808460534Z bad things happend
|
||||
Attaching to elastalert_elastalert_1
|
||||
elastalert_1 | 2019-10-30T13:53:46.193793451Z bad things happen
|
||||
elastalert_1 | 2019-10-30T13:58:45.855636764Z bad things happen
|
||||
elastalert_1 | 2019-10-30T14:03:46.444137134Z bad things happen
|
||||
```
|
||||
|
||||
> ElastAlert will also load new rules, stop running missing rules, and restart
|
||||
|
@ -12,7 +12,7 @@ rules_folder: rules
|
||||
# How often ElastAlert will query elasticsearch
|
||||
# The unit can be anything from weeks to seconds
|
||||
run_every:
|
||||
minutes: 1
|
||||
minutes: 5
|
||||
|
||||
# ElastAlert will buffer results from the most recent
|
||||
# period of time, in case some log sources are not in real time
|
||||
@ -46,4 +46,4 @@ writeback_index: elastalert_status
|
||||
# If an alert fails for some reason, ElastAlert will retry
|
||||
# sending the alert until this time period has elapsed
|
||||
alert_time_limit:
|
||||
hours: 2
|
||||
days: 2
|
||||
|
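Review bot: Raising `run_every` from 1 to 5 minutes in the first hunk changes the relation to `buffer_time`, which the trailing comment introduces but which sits just outside the hunk; for ordinary rules ElastAlert queries a window of `buffer_time` back from each run, so if that value is now shorter than `run_every` the gap between runs is never queried and events are silently dropped (unless I'm misreading the windowing, `use_count_query` rules are the exception and use the run interval instead). Confirm `buffer_time` is still at least 5 minutes and make the coupling explicit above `run_every:` with `# Keep buffer_time (below) >= run_every, or the gap between runs is never queried`. The second hunk extends `alert_time_limit` from 2 hours to 2 days, which means a failing alerter such as the Slack webhook is retried for two days; that is a deliberate retention choice worth stating in the comment above it, e.g. `# Retries for failed alerts (e.g. an unreachable webhook) are kept for two days`, so the `hours` → `days` unit change is not read as a typo.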
@ -8,7 +8,10 @@ use_count_query: true
|
||||
num_events: 10
|
||||
|
||||
timeframe:
|
||||
hours: 1
|
||||
minutes: 5
|
||||
|
||||
realert:
|
||||
minutes: 60
|
||||
|
||||
filter:
|
||||
- query:
|
||||
@ -16,11 +19,10 @@ filter:
|
||||
query: 'response:[500 TO *]'
|
||||
|
||||
alert:
|
||||
- command:
|
||||
command: [echo, bad, things, happen]
|
||||
- slack:
|
||||
slack_webhook_url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX
|
||||
slack_username_override: ElastAlert
|
||||
slack_channel_override: '#monit'
|
||||
slack_emoji_override: ':bell:'
|
||||
- command
|
||||
|
||||
command: [echo, bad, things, happen]
|
||||
|
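Review bot: The new `- command:` entry in the second hunk keeps `command` in list form, and that choice deserves a comment because it is the safety-relevant one: as far as I recall ElastAlert's command alerter runs a string-valued `command` through a shell with match fields substituted into it, while a list is executed directly, so a field from a matching log line cannot turn into shell syntax; add `# Keep the list form: a string command is run through a shell with match fields substituted` above `command: [echo, bad, things, happen]`. The first hunk shrinks `timeframe` from 1 hour to 5 minutes while `num_events` stays at 10 and adds `realert: minutes: 60`; a short comment such as `# 10 matching events within 5 minutes fire once, then at most hourly` would document the intended threshold. The Slack entry that follows is context rather than new, but since this rules file looks to be mounted from `./data` and committed, a comment reminding maintainers to keep a real `slack_webhook_url` out of the example would be in place.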
@ -5,6 +5,8 @@ services:
|
||||
image: vimagick/elastalert
|
||||
volumes:
|
||||
- ./data:/opt/elastalert
|
||||
environment:
|
||||
- TZ=Asia/Shanghai
|
||||
restart: unless-stopped
|
||||
|
||||
networks:
|
||||
|
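Review bot: The added `environment` entry hard-codes `TZ=Asia/Shanghai` into what reads as a reusable example compose file, which makes every deployment inherit one site's timezone; `- TZ=${TZ:-UTC}` keeps the same default behaviour for an operator who sets `TZ` in `.env` while not baking a locale into the repository. A one-line comment above it, e.g. `# Only affects local timestamps in logs; query windows stay in UTC`, would also save the next reader from expecting it to change how rules are evaluated — I believe ElastAlert works in UTC internally, but confirm against the version the image ships.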