导航：首页 > 服务器 >

kibana日志告警

发表于：2025-12-05 作者：千家信息网编辑

千家信息网最后更新 2025年12月05日，1.下载相应版本的sentinl wget https://github.com/sirensolutions/sentinl/releases/download/tag-6.6.1/sentin

千家信息网最后更新 2025年12月05日kibana日志告警

1.下载相应版本的sentinl

  wget  https://github.com/sirensolutions/sentinl/releases/download/tag-6.6.1/sentinl-v6.6.1.zip

2.kiban集成安装插件

  kibana-plugin  install  file:///home/cloud/software/sentinl-v6.6.1.zip

3.配置邮件

sentinl:  settings:    email:      active: true      user: l用户名      password: 邮箱客户端授权码      host: smtp.exmail.qq.com      ssl: true      port: 465      timeout: 10000

4.重启kibana

systemctl restart kibana

5.kibana设置

6.查看高级配置

{  "actions": {    "email_html_alarm_76b83c8f-0f4a-4db5-8a15-185933e17ca2": {      "name": "项目credit-manager日志告警",      "throttle_period": "2m",      "email_html": {        "stateless": false,        "subject": "项目credit-manager日志告警",        "priority": "medium",        "html": "Hi {{watcher.username}}
\nThere are {{payload.hits.total}} results found by the watcher {{watcher.title}}.
\n\n\n  
\n  This watcher sends alerts based on the following criteria:
\n  {{watcher.wizard.chart_query_params.queryType}} of {{watcher.wizard.chart_query_params.over.type}} over the last {{watcher.wizard.chart_query_params.last.n}} {{watcher.wizard.chart_query_params.last.unit}} {{watcher.wizard.chart_query_params.threshold.direction}} {{watcher.wizard.chart_query_params.threshold.n}} in index {{watcher.wizard.chart_query_params.index}}
\n
\n\n\n异常信息如下:\n{{#payload.hits.hits}} {{_source.message}} \n \n \n{{/payload.hits.hits}} \n
",        "to": "w67307788@163.com",        "from": "lii@linccc.com"      }    },    "Webhook_f3303006-a643-42f6-a2ff-8d4066d18c3a": {      "name": "项目credit-manager日志告警",      "throttle_period": "2m",      "webhook": {        "priority": "medium",        "stateless": false,        "method": "POST",        "host": "oapi.dingtalk.com",        "port": "443",        "path": "/robot/send?access_token=token",        "body": "{\r\n    \"msgtype\": \"markdown\",\r\n    \"at\": {\r\n        \"isAtAll\": \"True\"\r\n    },\r\n    \"markdown\": {\r\n        \"title\": \"异常消息\",\r\n        \"text\": \" credit-manager项目异常日志: \\n {{#payload.hits.hits}} {{_source.message}} \r\n \r\n{{/payload.hits.hits}}\"\r\n    }\r\n}",        "params": {          "watcher": "{{watcher.title}}",          "payload_count": "{{payload.hits.total}}"        },        "headers": {          "Content-Type": "application/json"        },        "message": "credit-manager项目生产环境异常",        "use_https": true      }    }  },  "input": {    "search": {      "request": {        "index": [          "credit-manager-*"        ],        "body": {          "query": {            "bool": {              "must": {                "match": {                  "message": "ERROR"                }              },              "filter": {                "range": {                  "@timestamp": {                    "gte": "now-3m/m",                    "lte": "now/m",                    "format": "epoch_millis"                  }                }              }            }          },          "size": 2,          "aggs": {            "dateAgg": {              "date_histogram": {                "field": "@timestamp",                "time_zone": "Asia/Shanghai",                "interval": "1m",                "min_doc_count": 1              }            }          }        }      }    }  },  "condition": {    "script": {      "script": "payload.hits.total >= 1"    }  },  "trigger": {    "schedule": {      "later": "every 1 minutes"    }  },  "disable": false,  "report": false,  "title": "credit-manager项目告警",  "wizard": {},  "save_payload": false,  "spy": false,  "impersonate": false}

测试：

很赞哦！