Reference URLs:
https://www.cnblogs.com/reboot51/p/8328720.html
https://www.elastic.co/guide/en/x-pack/5.6/actions-email.html (email settings)
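Elasticsearch configuration

xpack.notification.email.account:
    exchange_account:
        profile: outlook
        email_defaults:
            from: info@mail.xxx.com
        smtp:
            auth: true
            # STARTTLS is disabled: with auth enabled, the SMTP user and
            # password cross the network unencrypted on port 25.
            starttls.enable: false
            host: smtpdm.aliyun.com
            port: 25
            user: info@mail.xxx.com
            password: hkxxx2016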
Watcher configuration

1. syslog count monitoring

Runs every minute and sends an email when the syslog-* indices received 10 or more documents in the last minute. The email subject and body are in Chinese and read "syslog produced N records" and "the syslog index produced N records within one minute, please check".

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "syslog-*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "range": {
              "@timestamp": {
                "gt": "now-1m"
              }
            }
          },
          "sort": [
            {
              "@timestamp": {
                "order": "desc"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 10
      }
    }
  },
  "actions": {
    "email": {
      "throttle_period_in_millis": 60000,
      "email": {
        "profile": "outlook",
        "priority": "high",
        "to": [
          "liyf02@abc.com"
        ],
        "subject": "syslog 产生{{ctx.payload.hits.total}}条记录 ",
        "body": {
          "html": "<html><h3>syslog索引 一分钟内产生{{ctx.payload.hits.total}}条记录,请注意查看</h3></html>"
        }
      }
    }
  }
}
2. Elasticsearch status alert

Polls /_cluster/health over HTTP every minute and sends an email when the cluster status is anything other than green. The subject and body read "elasticsearch status is <status>, please check".

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "http": {
      "request": {
        "scheme": "http",
        "host": "10.25.234.176",
        "port": 9200,
        "method": "get",
        "path": "/_cluster/health",
        "params": {},
        "headers": {}
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.status": {
        "not_eq": "green"
      }
    }
  },
  "actions": {
    "email": {
      "throttle_period_in_millis": 60000,
      "email": {
        "profile": "outlook",
        "priority": "high",
        "to": [
          "liyf02@abc.com"
        ],
        "subject": "elasticsearch状态为{{ctx.payload.status}},注意查看",
        "body": {
          "html": "<html><h3>elasticsearch状态为{{ctx.payload.status}},注意查看!</h3></html>"
        }
      }
    }
  }
}
3. Latency alert

Runs on the cron schedule shown, searches simulation_adjust_job* for documents from the last 30 seconds with task_accumulative_time_consuming above 3000, and sends an email when there are 3 or more. The subject reads "[Critical] simulated trade execution time" and the body reads "N records within 30s had an execution time over 3 seconds, please check".

{
  "trigger": {
    "schedule": {
      "cron": "0/30 * 1-6 ? * 2-6"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "simulation_adjust_job*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "task_accumulative_time_consuming:>3000"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gt": "now-30s"
                    }
                  }
                }
              ]
            }
          },
          "sort": [
            {
              "@timestamp": {
                "order": "desc"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 3
      }
    }
  },
  "actions": {
    "email": {
      "throttle_period_in_millis": 60000,
      "email": {
        "profile": "outlook",
        "priority": "high",
        "to": [
          "liyf02@abc.com"
        ],
        "subject": "【严重】模拟交易成交时间",
        "body": {
          "html": "<html><h3>30s内成交时间超过3秒的有{{ctx.payload.hits.total}}条记录,请注意查看!</h3></html>"
        }
      }
    }
  }
}
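The compare conditions of the three watches above can be checked offline before a watch is saved. This is an added example, not code from the original post or from Elastic: a small Python re-implementation of the comparison, where the names `resolve`, `condition_met` and `run_samples` and all payloads are constructed for illustration.

```python
import operator

# Local stand-in for the operators of Watcher's "compare" condition.
OPS = {"eq": operator.eq, "not_eq": operator.ne, "gt": operator.gt,
       "gte": operator.ge, "lt": operator.lt, "lte": operator.le}

# Conditions copied from the three watches on this page.
SYSLOG_COUNT = {"compare": {"ctx.payload.hits.total": {"gte": 10}}}
CLUSTER_HEALTH = {"compare": {"ctx.payload.status": {"not_eq": "green"}}}
SLOW_TRADES = {"compare": {"ctx.payload.hits.total": {"gte": 3}}}

def resolve(ctx, path):
    """Follow a dotted path such as 'ctx.payload.hits.total' through nested dicts."""
    head, *keys = path.split(".")
    if head != "ctx":
        raise ValueError("path must start with 'ctx': " + path)
    node = ctx
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            # Fail loudly: a typo in the path should not pass as "no alert".
            raise KeyError(path)
        node = node[key]
    return node

def condition_met(condition, ctx):
    """True when every operator under 'compare' holds for the payload."""
    return all(OPS[op](resolve(ctx, path), expected)
               for path, checks in condition["compare"].items()
               for op, expected in checks.items())

def run_samples():
    """Evaluate each condition against constructed payloads (not real cluster output)."""
    cases = [
        ("syslog, 9 hits", SYSLOG_COUNT, {"payload": {"hits": {"total": 9}}}),
        ("syslog, 10 hits", SYSLOG_COUNT, {"payload": {"hits": {"total": 10}}}),
        ("health green", CLUSTER_HEALTH, {"payload": {"status": "green"}}),
        ("health yellow", CLUSTER_HEALTH, {"payload": {"status": "yellow"}}),
        ("slow trades, 2 hits", SLOW_TRADES, {"payload": {"hits": {"total": 2}}}),
        ("slow trades, 3 hits", SLOW_TRADES, {"payload": {"hits": {"total": 3}}}),
    ]
    return {name: condition_met(cond, ctx) for name, cond, ctx in cases}

if __name__ == "__main__":
    for name, fired in run_samples().items():
        print(f"{name}: {'email sent' if fired else 'no action'}")
```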
Original article: http://blog.51cto.com/billy98/2131990