ElastAlert gets 0 hits

Problem description

I'm using ElastAlert to send Kibana email alerts. I did all the setup, and postfix also works fine, but I'm not getting any hits or alerts. Below are my config.yaml and frequency.yaml:

frequency.yaml

# Rule name, must be unique
name: Test email alerts

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: index-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  minutes: 1

# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- term:
   log: "Performed Task"

# (Required)
# The alert is used when a match is found
alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- "abc@gmail.com"

config.yaml

# Any .yaml file will be loaded as a rule
rules_folder: example_rules

# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15

# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: *host*

# The Elasticsearch port
es_port: 9200
es_username: username
es_password: password

Output of elastalert-test-rule rules_folder/frequency.yaml

/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.25.4) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
            To send them but remain verbose, use --verbose instead.
Didn't get any results.
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
                To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
INFO:elastalert:Queried rule Test email alerts from 2021-07-17 23:21 UTC to 2021-07-17 23:22 UTC: 0 / 0 hits

Would have written the following documents to writeback index (default is elastalert_status):

elastalert_status - {'rule_name': 'Test email alerts', 'endtime': datetime.datetime(2021, 7, 17, 23, 22, 7, 154742, tzinfo=tzutc()), 'starttime': datetime.datetime(2021, 7, 17, 23, 21, 6, 554742, tzinfo=tzutc()), 'matches': 0, 'hits': 0, '@timestamp': datetime.datetime(2021, 7, 17, 23, 22, 7, 183348, tzinfo=tzutc()), 'time_taken': 0.008371829986572266}

Can anyone help me figure out why I'm getting no hits?

Tags: elasticsearch, kibana, elastalert
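A small offline diagnostic for the kind of "0 / 0 hits" result shown above, added here as an example and not part of the original post or of ElastAlert itself. It rebuilds the rule's `filter` list into the time-bounded search body ElastAlert issues for one run (the exact body shape is an assumption; ElastAlert's real query is wrapped slightly differently by version), checks that the `index` pattern actually covers a known index, and checks each `term` filter against the field's mapping type. The `SAMPLE_MAPPING` is constructed: the post does not show the real mapping of the `log` field, and it is the first thing worth pulling with `GET index-*/_mapping` when a rule returns nothing. The analyzer model is a simplified standard analyzer (lowercase, split on non-alphanumerics).

```python
import re

# Constructed copy of the values from the post's frequency.yaml
RULE = {
    "name": "Test email alerts",
    "type": "frequency",
    "index": "index-*",
    "num_events": 1,
    "timeframe": {"minutes": 1},
    "filter": [{"term": {"log": "Performed Task"}}],
}

# Constructed sample mapping, standing in for the output of GET index-*/_mapping.
# The post does not show the real mapping; this one assumes 'log' is a text field
# with a .keyword sub-field, which is the default for dynamically mapped strings.
SAMPLE_MAPPING = {
    "index-2021.07.17": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "log": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    }}}
}


def build_query(rule, start_iso, end_iso, timestamp_field="@timestamp"):
    """Approximate the search body ElastAlert runs for one query window.
    Assumption: a bool/filter with the time range followed by the rule's filters."""
    clauses = [{"range": {timestamp_field: {"gt": start_iso, "lte": end_iso}}}]
    clauses.extend(rule["filter"])
    return {"query": {"bool": {"filter": clauses}}}


def analyze_standard(text):
    """Simplified standard analyzer: lowercase, split on non-alphanumeric characters."""
    return [t for t in re.split(r"[^0-9a-zA-Z]+", text.lower()) if t]


def index_matches_pattern(index_name, pattern):
    """Does an Elasticsearch wildcard index pattern cover this index name?"""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*") + "$"
    return re.match(regex, index_name) is not None


def field_type(mapping, index_name, field):
    props = mapping[index_name]["mappings"]["properties"]
    return props.get(field, {}).get("type")


def term_can_match(ftype, value):
    """A term query is not analyzed: on a keyword field it needs the exact stored
    value, on a text field it must equal one single indexed token."""
    if ftype == "keyword":
        return True
    if ftype == "text":
        return analyze_standard(value) == [value]
    return False


def diagnose(rule, mapping):
    """Return human-readable findings explaining why the rule could get no hits."""
    findings = []
    covered = [i for i in mapping if index_matches_pattern(i, rule["index"])]
    if not covered:
        findings.append(f"index pattern {rule['index']!r} matches no known index")
        return findings
    for flt in rule["filter"]:
        for qtype, body in flt.items():
            if qtype != "term":
                continue  # only term filters are checked in this example
            for field, value in body.items():
                ftype = field_type(mapping, covered[0], field)
                if ftype is None:
                    findings.append(f"field {field!r} is not in the mapping of {covered[0]}")
                elif not term_can_match(ftype, value):
                    findings.append(
                        f"term filter on {field!r} ({ftype}) with value {value!r} "
                        f"cannot equal any analyzed token; use match_phrase or the "
                        f"{field}.keyword sub-field")
    return findings


if __name__ == "__main__":
    # Window taken from the post's log line: 23:21 to 23:22 UTC on 2021-07-17
    print(build_query(RULE, "2021-07-17T23:21:06Z", "2021-07-17T23:22:07Z"))
    for finding in diagnose(RULE, SAMPLE_MAPPING):
        print("finding:", finding)
```

Run it with the real mapping pasted into `SAMPLE_MAPPING`; if `diagnose` returns nothing, the next things to compare are the `@timestamp` values of the documents against the one-minute query window and the credentials and index pattern in `config.yaml`.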
