I need to create a watcher in Kibana that triggers every minute, searches the last minute for specific logs and sends an email accordingly.
Best answer
I was able to create the following in the Advanced Watch editor:
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-1m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||epoch_millis"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0
      }
    }
  },
  "actions": {
    "email_action": {
      "email": {
        "profile": "standard",
        "attachments": {
          "attached_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "to": [
          "myemail@gmail.com"
        ],
        "subject": "Winlog Errors Encountered {{ctx.payload.hits.total}} logs",
        "body": {
          "text": "Too many logs in the system, see attached data"
        }
      }
    }
  }
}
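The watch above queries every index (`*`) with no query clause other than the time range and a threshold of 0, so it fires whenever any document at all was indexed in the last minute. The following added example (not part of the question or the answer) builds a watch of the same shape in Python, but lets you narrow the index pattern and add query filters so only the logs you actually care about are counted. It also re-implements the Painless condition locally and resolves the date-math window for a given trigger time, so the threshold logic can be checked before the watch is installed. The index pattern `winlogbeat-*` and the field `log.level` used in the sample call are assumptions, not values from the page.

```python
import json
from datetime import datetime, timedelta

# Added example, not code from the original question or answer.
# Field names in the sample filters (e.g. "log.level") are assumptions.


def build_watch(indices, extra_filters, threshold, recipients, interval="1m"):
    """Return a Watcher definition (as a dict) with the same structure as the
    answer's watch, plus caller-supplied index pattern and query filters.

    The range filter mirrors the answer: from scheduled_time minus one
    interval up to scheduled_time, using Watcher's date-math suffix.
    """
    range_filter = {
        "range": {
            "@timestamp": {
                "gte": "{{ctx.trigger.scheduled_time}}||-" + interval,
                "lte": "{{ctx.trigger.scheduled_time}}",
                "format": "strict_date_optional_time||epoch_millis",
            }
        }
    }
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {
            "search": {
                "request": {
                    "search_type": "query_then_fetch",
                    "indices": list(indices),
                    "rest_total_hits_as_int": True,
                    "body": {
                        "size": 0,
                        # bool.filter accepts a list, so extra clauses are ANDed
                        # with the time range.
                        "query": {"bool": {"filter": [range_filter, *extra_filters]}},
                    },
                }
            }
        },
        "condition": {
            "script": {
                "source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
                "lang": "painless",
                "params": {"threshold": threshold},
            }
        },
        "actions": {
            "email_action": {
                "email": {
                    "profile": "standard",
                    "attachments": {"attached_data": {"data": {"format": "json"}}},
                    "to": list(recipients),
                    "subject": "Winlog Errors Encountered {{ctx.payload.hits.total}} logs",
                    "body": {"text": "Too many logs in the system, see attached data"},
                }
            }
        },
    }


def condition_fires(payload, threshold):
    """Local re-implementation of the Painless condition, for checking the
    threshold logic against a payload shaped like ctx.payload."""
    return payload["hits"]["total"] > threshold


def query_window(scheduled_time, interval="1m"):
    """Resolve the window the watch queries for a given trigger time.
    Only minute intervals ("Nm") are handled, matching the answer."""
    minutes = int(interval.rstrip("m"))
    return scheduled_time - timedelta(minutes=minutes), scheduled_time


if __name__ == "__main__":
    # Constructed sample: winlogbeat indices and error-level events only
    # (assumed field names); alert when at least one such event appears.
    watch = build_watch(
        indices=["winlogbeat-*"],
        extra_filters=[{"term": {"log.level": "error"}}],
        threshold=0,
        recipients=["myemail@gmail.com"],
    )
    print(json.dumps(watch, indent=2))
    start, end = query_window(datetime(2019, 11, 12, 10, 0), "1m")
    print("window:", start.isoformat(), "->", end.isoformat())
    # Constructed payload: 3 matching hits in the last minute, so it fires.
    print(condition_fires({"hits": {"total": 3}}, 0))
```

The printed JSON can be pasted into the Advanced Watch editor as-is. Keeping `rest_total_hits_as_int` set to `true` matters: without it, `hits.total` is an object rather than a number and the `>` comparison in the condition would not work.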
Regarding elasticsearch - Monitor email logs using Watcher and Kibana, triggered every minute for the last minute: we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58819662/