kibanna默认是没有日志报警等功能,本来想着yelp写了个插件elasticalert,但是配置文件搞了半天也没搞懂,看到kibana有个x-pack功能,体验一下喽。
安装
kibana
./bin/kibana-plugin install x-packelasticsearch
./bin/elasticsearch-plugin install x-pack连接
地址: kibana地址:5601
账号: elastic
密码: changeme欣赏
// 带有monitor功能,可以看到延迟等信息
// 说明,只能使用1个月哦
watcher
- 查看当前watcher是否开启
[root@t228 ~]# curl "http://elastic:changeme@192.168.3.228:9200/_xpack/watcher/stats"
{"watcher_state":"started","watch_count":0,"execution_thread_pool":{"queue_size":0,"max_size":0},"manually_stopped":false}[root@t228 ~]#- 添加一个错误的watcher
[root@t228 ~]# curl -vX PUT http://elastic:changeme@192.168.3.228:9200/_xpack/watcher/watch/errors_in_logs -d @error.json \
> --header "Content-Type: application/json"
* About to connect() to 192.168.3.228 port 9200 (#0)
* Trying 192.168.3.228... connected
* Connected to 192.168.3.228 (192.168.3.228) port 9200 (#0)
* Server auth using Basic with user 'elastic'
> PUT /_xpack/watcher/watch/errors_in_logs HTTP/1.1
> Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 192.168.3.228:9200
> Accept: */*
> Content-Type: application/json
> Content-Length: 258
>
< HTTP/1.1 201 Created
< content-type: application/json; charset=UTF-8
< content-length: 52
<
* Connection #0 to host 192.168.3.228 left intact
* Closing connection #0
{"_id":"errors_in_logs","_version":1,"created":true}[root@t228 ~]## file: error.json
{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
}
}
- 再次查看当前的watcher, count已经是1了。
[root@t228 ~]# curl "http://elastic:changeme@192.168.3.228:9200/_xpack/watcher/stats"
{"watcher_state":"started","watch_count":1,"execution_thread_pool":{"queue_size":0,"max_size":6},"manually_stopped":false}[root@t228 ~]# 目前没法向下走了, 研发人员和运维人员的脑袋虽然都是蛋白质,可是想法真不一样,来个邮件报警不就得了,哎, doc里面又是一堆put post, 然后还有contition啥的,太浪了。
参考:
https://www.elastic.co/guide/en/x-pack/current/watch-log-data.html