1、docker安装elk
镜像:sebp/elk
挂出的端口:5044,5601,9200,9300
2、进入容器,安装sentinl插件
进入kibana安装目录:/etc/kibana/bin ,执行:
./kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.3-3/sentinl-v6.2.4.zip安装完成后重启elk容器
3、获取钉钉报警机器人的webhook链接
在sentinl里面加一个watcher:
Input填入:
{
"search": {
"request": {
"index": [
"*"
],
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"analyze_wildcard": true,
"query": "\"error\""
}
},
{
"range": {
"@timestamp": {
"gte": "now-10m",
"lte": "now",
"format": "epoch_millis"
}
}
}
],
"must_not": []
}
}
}
}
}
}{
"script": {
"script": "payload.hits.total > 1"
}
}添加一个webhook的action:
以上所有配置根据自己需要修改,附上钉钉的demo地址:
https://open-doc.dingtalk.com/docs/doc.htm?spm=a219a.7629140.0.0.karFPe&treeId=257&articleId=105735&docType=1#s0
成功报警。
感谢观看,有问题有建议有意见请留言,谢谢!