
update elastalert

This commit is contained in:
kev 2019-10-30 23:40:46 +08:00
parent 9fc9538617
commit dcf5a2295e
4 changed files with 16 additions and 10 deletions


@ -8,16 +8,18 @@ patterns of interest from data in Elasticsearch.
```bash
$ docker-compose run --rm elastalert sh
>>> curl -X DELETE http://elasticsearch:9200/elastalert_*
>>> elastalert-create-index --config config.yaml
>>> elastalert-test-rule --config config.yaml rules/example.yaml
>>> elastalert-test-rule --config config.yaml --alert rules/example.yaml
>>> exit
$ docker-compose up -d
$ docker-compose logs -tf
elastalert_1 | 2019-10-30T10:33:31.960452334Z bad things happend
elastalert_1 | 2019-10-30T10:42:27.952772739Z bad things happend
elastalert_1 | 2019-10-30T10:50:22.808460534Z bad things happend
Attaching to elastalert_elastalert_1
elastalert_1 | 2019-10-30T13:53:46.193793451Z bad things happen
elastalert_1 | 2019-10-30T13:58:45.855636764Z bad things happen
elastalert_1 | 2019-10-30T14:03:46.444137134Z bad things happen
```
> ElastAlert will also load new rules, stop running missing rules, and restart


@ -12,7 +12,7 @@ rules_folder: rules
# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
minutes: 1
minutes: 5
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
@ -46,4 +46,4 @@ writeback_index: elastalert_status
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
hours: 2
days: 2
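Review bot: Raising `run_every` to five minutes only works if the `buffer_time` that the comment at the end of the first hunk refers to (its value is set outside the hunk) is at least as long, otherwise consecutive query windows no longer overlap and events falling between two runs are never evaluated; please confirm the value or document the coupling with `# keep buffer_time >= run_every so consecutive query windows overlap` above `run_every:`. The second hunk extends `alert_time_limit` from two hours to two days, so a broken alerter is retried for 48 hours and, presumably through the `elastalert_status` writeback index, unsent alerts pile up for that long; a comment such as `# 2 days: failed alerts are retried until then, then dropped` would record the intent. Neither value change is explained by the commit message, so a one-line rationale in the file would help the next reader.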


@ -8,7 +8,10 @@ use_count_query: true
num_events: 10
timeframe:
hours: 1
minutes: 5
realert:
minutes: 60
filter:
- query:
@ -16,11 +19,10 @@ filter:
query: 'response:[500 TO *]'
alert:
- command:
command: [echo, bad, things, happen]
- slack:
slack_webhook_url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX
slack_username_override: ElastAlert
slack_channel_override: '#monit'
slack_emoji_override: ':bell:'
- command
command: [echo, bad, things, happen]
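Review bot: The last alert entry on the new side reads `- command` without the trailing colon, so the `command: [echo, bad, things, happen]` line beneath it cannot attach to it and the rule file fails to parse; unless the renderer dropped the colon, it should read `- command:` like the entry it replaces earlier in the hunk. `slack_webhook_url` is effectively a credential (whoever holds the URL can post into the channel), so the `XXXXXXXXX` placeholder must stay a placeholder and a real URL should never be committed into this rule file. The first hunk appears to shrink `timeframe` from one hour to five minutes while adding a 60-minute `realert`, which means a burst of `response:[500 TO *]` hits is reported at most once an hour even if it persists; if that is intended, a comment on `realert:` saying so would help.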


@ -5,6 +5,8 @@ services:
image: vimagick/elastalert
volumes:
- ./data:/opt/elastalert
environment:
- TZ=Asia/Shanghai
restart: unless-stopped
networks: