Introduction to Sentinl
Sentinl 5 extends Kibi / Kibana 5 with alerting and reporting features: it monitors, notifies on and reports changes in data series using standard queries, programmable validators and a variety of configurable actions. Think of it as a standalone "Watcher" plus a "Reporting" feature (PNG / PDF snapshots).
Sentinl also aims to simplify creating and managing alerts and reports in Kibi / Kibana by integrating directly into the Kibana UI.
Functional modules
Watchers
Alarms
Reports
Watchers are the core of Sentinl. A watcher consists of an input, a condition, a transform and actions, which map one-to-one onto the X-Pack Watcher concepts, so parts of the X-Pack documentation can be used as a reference. Note, however, that there are differences from X-Pack: for input only search is implemented (the other input types are not), and not all of the X-Pack actions are implemented either.
Installation and configuration
```
/usr/share/kibana/bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-5.5/sentinl-v5.6.5.zip
```
kibana.yml config:
```yaml
sentinl:
  es:
    timefield: '@timestamp'
    default_index: watcher
    type: watch
    alarm_index: watcher_alarms
  sentinl:
    history: 20
    results: 50
  settings:
    email:
      active: false
      user: username
      password: password
      host: smtp.server.com
      ssl: true
      timeout: 10000
    slack:
      active: false
      username: username
      hook: 'https://hooks.slack.com/services/<token>'
      channel: '#channel'
    report:
      active: false
      tmp_path: /tmp/
    pushapps:
      active: false
      api_key: '<pushapps API Key>'
```
Example watcher definition (input and condition sections; the search looks for 502 or 404 responses in the last 60 seconds and the condition fires when more than 30 hits are returned):
```json
"input": {
  "search": {
    "request": {
      "index": [
        "<xxx-{now/d}>"
      ],
      "body": {
        "query": {
          "bool": {
            "should": [
              {
                "match": {
                  "status": "502"
                }
              },
              {
                "match": {
                  "status": "404"
                }
              }
            ],
            "minimum_should_match": 1,
            "filter": {
              "range": {
                "@timestamp": {
                  "gte": "now-60s",
                  "lte": "now"
                }
              }
            }
          }
        }
      }
    }
  }
},
"condition": {
  "script": {
    "script": "payload.hits.total > 30"
  }
},
```
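To make the input-to-condition flow concrete, here is an added example (not code from Sentinl or from the original post) that generalises the watcher above: it builds the `input.search.request` block for any list of HTTP status codes and look-back window, then applies the same threshold condition Sentinl would evaluate against the search response (`payload`). The function names `buildWatcherInput`, `totalHits` and `conditionMet`, the index pattern `<nginx-{now/d}>` and the sample payloads are assumptions constructed for the example; the `hits.total` handling covers both the numeric form returned by Elasticsearch 5/6 and the `{value, relation}` object returned by 7+.

```javascript
// Added example, not Sentinl's own code. Builds a Sentinl watcher "input" block
// from a list of status codes and a look-back window, then evaluates the
// threshold condition against a search response payload.

// Equivalent of the page's input.search.request, generalised to N status codes.
function buildWatcherInput(statusCodes, windowSeconds, indexPattern) {
  return {
    search: {
      request: {
        index: [indexPattern],            // e.g. '<nginx-{now/d}>' (date math, assumed name)
        body: {
          query: {
            bool: {
              // one "match" clause per status code, any of which may hit
              should: statusCodes.map((code) => ({ match: { status: String(code) } })),
              minimum_should_match: 1,
              // restrict to the alert window so each run only sees recent events
              filter: {
                range: {
                  '@timestamp': { gte: `now-${windowSeconds}s`, lte: 'now' },
                },
              },
            },
          },
        },
      },
    },
  };
}

// Sentinl passes the search response to the condition script as `payload`.
// Elasticsearch 5/6 return hits.total as a number; 7+ return {value, relation}.
// Normalise both so the threshold check does not silently compare an object.
function totalHits(payload) {
  const total = payload && payload.hits ? payload.hits.total : 0;
  if (total !== null && typeof total === 'object') {
    return Number(total.value || 0);
  }
  return Number(total || 0);
}

// Same check as the page's condition script "payload.hits.total > 30",
// with the threshold made a parameter.
function conditionMet(payload, threshold) {
  return totalHits(payload) > threshold;
}

// Constructed sample responses (not captured from a real cluster).
const samplePayload = { took: 4, hits: { total: 42, hits: [] } };
const sample7Payload = { took: 4, hits: { total: { value: 12, relation: 'eq' }, hits: [] } };

// Stand-alone usage: print the generated input block and the alert decision.
console.log(JSON.stringify(buildWatcherInput([502, 404], 60, '<nginx-{now/d}>'), null, 2));
console.log('alert (ES 5/6 payload):', conditionMet(samplePayload, 30));
console.log('alert (ES 7+ payload):', conditionMet(sample7Payload, 30));
```

Keeping the window (`now-60s`) aligned with the watcher's schedule matters: a window shorter than the trigger interval leaves gaps in coverage, while a much longer one counts the same events on several consecutive runs and can fire repeated alarms for a single burst.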