elasticsearch - Relaxing elastalert on Sunday mornings because of false positives

Tags elasticsearch elastalert

I have a rule in elastalert that sends a notification if no payment arrives within two hours.
I also have a match enhancement that drops these notifications every night from 0:00 to 8:00 AM:

from elastalert.enhancements import BaseEnhancement, DropMatchException
import datetime
import time
import sys

def datetime_from_utc_to_local(utc_datetime):
    now_timestamp = time.time()
    offset = datetime.datetime.fromtimestamp(now_timestamp) - datetime.datetime.utcfromtimestamp(now_timestamp)
    return utc_datetime + offset

class DropFrom00To06(BaseEnhancement):
    def process(self, match):
        dateformat = "%Y-%m-%dT%H:%M:%S"
        exceptional_dateformat = "%Y-%m-%dT%H:%M:%SZ"
        timestamp = match['@timestamp'].split(".")[0]
        try:
            timestamp = datetime.datetime.strptime(timestamp, dateformat)
        except ValueError:
            timestamp = datetime.datetime.strptime(timestamp, exceptional_dateformat)
        except:
            print("Unexpected error:", sys.exc_info()[0])
            raise
        timestamp = datetime_from_utc_to_local(timestamp)
        timePart = timestamp.time()
        if timePart >= datetime.time(00, 00) and timePart <= datetime.time(8, 00):
            raise DropMatchException()

But now I also want to add a "relaxation" for Sunday mornings (when people are mostly asleep) and raise DropMatchException from 0:00 AM to 10:00 AM.
How can I do that?

Best answer

The solution looks like this:

from elastalert.enhancements import BaseEnhancement, DropMatchException
import datetime
import time
import sys

def datetime_from_utc_to_local(utc_datetime):
    now_timestamp = time.time()
    offset = datetime.datetime.fromtimestamp(now_timestamp) - datetime.datetime.utcfromtimestamp(now_timestamp)
    return utc_datetime + offset

class DropFrom00To06(BaseEnhancement):
    def process(self, match):
        dateformat = "%Y-%m-%dT%H:%M:%S"
        exceptional_dateformat = "%Y-%m-%dT%H:%M:%SZ"
        timestamp = match['@timestamp'].split(".")[0]
        try:
            timestamp = datetime.datetime.strptime(timestamp, dateformat)
        except ValueError:
            timestamp = datetime.datetime.strptime(timestamp, exceptional_dateformat)
        except:
            print("Unexpected error:", sys.exc_info()[0])
            raise
        timestamp = datetime_from_utc_to_local(timestamp)
        timePart = timestamp.time()
        d = timestamp.date()
        day = d.weekday()  # Monday == 0 ... Sunday == 6
        # Sunday: extended quiet window until 10:00
        if day == 6 and timePart >= datetime.time(00, 00) and timePart <= datetime.time(10, 00):
            raise DropMatchException()
        # every other day: quiet window until 8:00
        elif timePart >= datetime.time(00, 00) and timePart <= datetime.time(8, 00):
            raise DropMatchException()

Regarding elasticsearch - Relaxing elastalert on Sunday mornings because of false positives, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45922608/
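As an added example (not code from the question, the answer, or the elastalert project), the same quiet-hours enhancement written so that the window logic is a plain function you can unit-test, with the UTC-to-local conversion done through an explicit timezone instead of the host's current offset. The `quiet_hours_timezone` rule key, the `DEFAULT_WINDOWS` schedule, the stand-in `BaseEnhancement`/`DropMatchException` classes used when elastalert is not installed, and all sample timestamps are assumptions constructed for this example; the `@timestamp` field and the enhancement hook come from the page.

```python
from __future__ import annotations

import datetime as dt
import logging
from zoneinfo import ZoneInfo

try:
    from elastalert.enhancements import BaseEnhancement, DropMatchException
except ImportError:  # elastalert not installed: minimal stand-ins so the example runs offline
    class BaseEnhancement:
        def __init__(self, rule=None):
            self.rule = rule or {}

    class DropMatchException(Exception):
        pass

log = logging.getLogger(__name__)

# Quiet windows per weekday (Monday == 0 ... Sunday == 6) as half-open [start, end) local times.
# Hypothetical schedule mirroring the question: 00:00-08:00 every day, extended to 10:00 on Sunday.
DEFAULT_WINDOWS = {
    **{day: (dt.time(0, 0), dt.time(8, 0)) for day in range(6)},
    6: (dt.time(0, 0), dt.time(10, 0)),
}


def parse_es_timestamp(value: str) -> dt.datetime:
    """Parse an Elasticsearch @timestamp like '2017-08-27T07:30:00.123Z' into an aware UTC datetime."""
    text = value.strip()
    if text.endswith("Z"):
        text = text[:-1]
    text = text.split(".")[0]  # drop fractional seconds; one format then covers both variants
    naive = dt.datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")
    return naive.replace(tzinfo=dt.timezone.utc)


def fixed_offset(hours: int) -> dt.tzinfo:
    """Fixed UTC offset, handy for tests that must not depend on the system tz database."""
    return dt.timezone(dt.timedelta(hours=hours))


def in_quiet_window(ts_utc: dt.datetime, tz: dt.tzinfo, windows=DEFAULT_WINDOWS) -> bool:
    """True if the UTC instant falls inside the quiet window for its local weekday."""
    local = ts_utc.astimezone(tz)
    window = windows.get(local.weekday())
    if window is None:
        return False
    start, end = window
    return start <= local.time() < end


class DropDuringQuietHours(BaseEnhancement):
    def process(self, match):
        # Hypothetical rule key; an IANA zone name such as "Europe/Berlin". Defaults to UTC.
        name = self.rule.get("quiet_hours_timezone")
        tz = ZoneInfo(name) if name else dt.timezone.utc
        ts = parse_es_timestamp(match["@timestamp"])
        if in_quiet_window(ts, tz):
            # Record every suppressed match: a silenced alert is a detection gap worth auditing.
            log.info("suppressing match at %s (quiet hours, tz=%s)", match["@timestamp"], tz)
            raise DropMatchException()


def dropped_by_quiet_hours(match: dict, rule: dict | None = None) -> bool:
    """Run the enhancement on one match and report whether it was dropped."""
    try:
        DropDuringQuietHours(rule or {}).process(match)
    except DropMatchException:
        return True
    return False
```

Converting with an aware timezone gives the right local hour across daylight-saving changes, where the host-offset trick in the original (`fromtimestamp(now) - utcfromtimestamp(now)`) yields the wrong hour for events on the other side of a transition. The windows are half-open, so 08:00:00 exactly is no longer swallowed, and each dropped match is logged so the suppression itself leaves a trail.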
