docker-elk配置sentinl外掛傳送釘釘告警

安裝elk

下載elk docker工具包並啟動 elk 6.6.1

https://github.com/deviantony/docker-elk.git
cd docker-elk && git checkout 366e2bc
複製程式碼

修改docker-compose.yml掛載kibana外掛目錄

vim docker-compose.yml

kibana:
  build:
    context: kibana/
    args:
      ELK_VERSION: $ELK_VERSION
  volumes:
    - ./kibana/config/:/usr/share/kibana/config:ro
    - ./kibana/plugins:/usr/share/kibana/plugins
  ports:
    - "5601:5601"
  networks:
    - elk
  depends_on:
    - elasticsearch
複製程式碼

啟動elk

docker-compose up -d
複製程式碼

安裝sentinl

進入kibana容器內部安裝sentinl 6.6.1

/opt/kibana/bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.6.0-0/sentinl-v6.6.1.zip
複製程式碼

重啟elk docker-compose down && docker-compose up

新增watcher

選擇Watcher Advanced

在釘釘pc客戶端裡生成機器人webhook url並複製

輸入監控配置檔案內容

{
  "actions": {
    "Webhook_683bd385-86b3-46ba-8e1b-f89cccccbbec": {
      "name": "error異常告警",
      "throttle_period": "1m",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "port": "443",
        "path": "/robot/send?access_token=你的釘釘token",
        "body": "{\"msgtype\": \"text\", \"text\": {\"content\":\"index：{{payload.hits.hits.0._index}}\nsource：{{payload.hits.hits.0._source.source}}\nenv：{{payload.hits.hits.0._source.env}}\nthread: {{payload.hits.hits.0._source.thread}}\nmessage:{{payload.hits.hits.0._source.message}}\ntimes:{{payload.hits.total}}\nthrowable: {{payload.hits.hits.0._source.throwable}}\"}}",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "message": "業務功能告警",
        "use_https": true
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "logstash-*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "level": "ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-5m",
                      "lte": "now",
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >=1"
    }
  },
  "trigger": {
    "schedule": {
      "later": "every 5 minutes"
    }
  },
  "disable": true,
  "report": false,
  "title": "釘釘告警",
  "save_payload": false,
  "spy": true,
  "impersonate": false
}
複製程式碼

檢視效果

sentinl 支援多種通知渠道，可根據需求選擇

多種elk報警外掛可供選擇

• github.com/Yelp/elasta…
• docs.flycloud.me/docs/ELKSta…
• blog.52itstyle.vip/archives/31…

可根據需求靈活選擇