1. Download the Sentinl plugin
Download link: https://github.com/sirensolutions/sentinl/releases/download/tag-6.6.0-0/sentinl-v6.6.0.zip
Note: the Sentinl version must match the Kibana version.
2. Install the Sentinl plugin
cd /usr/local/kibana/bin
./kibana-plugin install file:///usr/local/sentinl-v6.6.0.zip
3. Edit the kibana.yml configuration
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
#elasticsearch.url:
elasticsearch.hosts: ["http://IP:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: false
# On a cloud server, uncomment this block, because cloud servers block port 25
# Mailbox account and authorization code
sentinl:
  settings:
    email:
      active: true
      ssl: true
      port: 465
      user: XXX@163.com
      password: XXX
      host: smtp.163.com
    report:
      active: false
4. Start Kibana
nohup /usr/local/kibana/bin/kibana &
5. Configure alerts
Sentinl -- New -- Watcher Advanced
Edit the template content:
{
  "actions": {
    "email_html_alarm_a784d6ef-cf2d-40e2-b132-d5ad6dbec78d": {
      "name": "XXX平台日志异常报警",
      "throttle_period": "1m",
      "email_html": {
        "to": "****@qq.com",
        "from": "****@163.com",
        "stateless": false,
        "subject": "XXX日志告警",
        "priority": "high",
        "html": "{{payload.hits.hits.0._source.message}}"
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": ["one-him*"],
        "body": {
          "query": {
            "bool": {
              "must": [
                {"query_string": {"analyze_wildcard": true, "query": "\"异常错误\""}}
              ],
              "filter": [
                {"range": {"@timestamp": {"gte": "now-2m", "lt": "now"}}}
              ]
            }
          }
        }
      }
    }
  },
  "condition": {"script": {"script": "payload.hits.total >= 1"}},
  "trigger": {"schedule": {"later": "every 2 minutes"}},
  "disable": true,
  "report": false,
  "title": "XXX项目异常",
  "save_payload": false,
  "spy": false,
  "impersonate": false
}
Field notes for the template above:
  "to": the receiving mailbox
  "from": the sending mailbox
  "html": the mail content
  "query": the alert trigger condition
  "gte": relative to the current time
  "script": alert as soon as the trigger condition is met once
  "later": read once every 2 minutes
DingTalk:
{
  "actions": {
    "Webhook_683bd385-86b3-46ba-8e1b-f89cccccbbec": {
      "name": "Tomcat异常告警",
      "throttle_period": "1m",
      "webhook": {
        "priority": "high",
        "stateless": false,
        "method": "POST",
        "host": "oapi.dingtalk.com",
        "path": "/robot/send?access_token=*********",
        "body": " {\"msgtype\": \"text\",\r\n \"text\": {\r\n \"content\":\" 异常发生,请处理~ \r\n 主机:{{payload.hits.hits.0._index}} \r\n IP:{{payload.hits.hits.0._source.type}} \r\n 告警内容:{{payload.hits.hits.0._source.message}} \r\n 最近一分钟发生次数:{{payload.hits.total}}\"\r\n } \r\n }",
        "params": {
          "watcher": "{{watcher.title}}",
          "payload_count": "{{payload.hits.total}}"
        },
        "headers": {"Content-Type": "application/json"},
        "auth": "钉钉账号:钉钉密码",
        "message": "业务功能告警",
        "use_https": true
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": ["*-tomcat"],
        "body": {
          "query": {
            "bool": {
              "must": [
                {"match": {"level": "ERROR"}},
                {"range": {"@timestamp": {"gte": "now-1m", "lte": "now", "format": "epoch_millis"}}}
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {"script": {"script": "payload.hits.total >=1"}},
  "trigger": {"schedule": {"later": "every 1 minutes"}},
  "disable": true,
  "report": false,
  "title": "钉钉告警",
  "save_payload": false,
  "spy": true,
  "impersonate": false
}
Field notes for the template above:
  "path": write your own DingTalk robot address here
  "auth": this authentication is optional; deleting it does no harm
Email:
{
  "actions": {
    "email_html_alarm_9c8f6d7f-55c7-49f0-863d-ad3363726978": {
      "name": "api tomcat异常",
      "throttle_period": "1m",
      "email_html": {
        "from": "*****@tan66.com",
        "to": ["*****@tan66.com", "*****@tan66.com"],
        "stateless": false,
        "subject": "api tomcat异常",
        "priority": "high",
        "html": "异常发生,请处理~\n主机:{{payload.hits.hits.0._index}}\nIP:{{payload.hits.hits.0._source.type}}\n告警内容:{{payload.hits.hits.0._source.message}}\n最近一分钟发生次数:{{payload.hits.total}}"
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": ["kyb-api-tomcat"],
        "body": {
          "query": {
            "bool": {
              "must": [
                {"match": {"level": "ERROR"}},
                {"range": {"@timestamp": {"gte": "now-1m", "lte": "now", "format": "epoch_millis"}}}
              ],
              "must_not": []
            }
          }
        }
      }
    }
  },
  "condition": {"script": {"script": "payload.hits.total >= 1"}},
  "trigger": {"schedule": {"later": "every 30 seconds"}},
  "disable": false,
  "report": false,
  "title": "api tomcat异常",
  "save_payload": false,
  "spy": false,
  "impersonate": false
}
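An added check, not part of the original post or of Sentinl: a small Python linter for watchers shaped like the templates above. It compares the @timestamp look-back window with the schedule interval (a shorter window leaves events unqueried, a longer one lets one event match in several runs) and flags watchers saved with disable set to true or carrying a webhook token or auth value. The sample watchers, the address and the finding names are constructed for illustration.

```python
import re

UNIT = {"s": 1, "m": 60, "h": 3600}

def find_key(obj, key):
    """Yield every value stored under `key` anywhere in a nested dict/list."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_key(item, key)

def check_watcher(w):
    """Return sorted finding names (constructed for this example) for one watcher."""
    findings = set()
    if w.get("disable"):
        findings.add("disabled")
    # Schedule text such as "every 2 minutes"; only this simple form is parsed.
    sched = re.fullmatch(r"every (\d+) (sec|min|hour)\w*", w["trigger"]["schedule"]["later"])
    # Look-back window such as {"gte": "now-2m"} on the @timestamp range.
    rng = next((r for r in find_key(w["input"], "@timestamp") if isinstance(r, dict)), {})
    look = re.fullmatch(r"now-(\d+)([smh])", rng.get("gte", ""))
    if sched and look:
        every = int(sched.group(1)) * UNIT[sched.group(2)[0]]
        window = int(look.group(1)) * UNIT[look.group(2)]
        if window < every:
            findings.add("gap")      # events between two runs are never queried
        elif window > every:
            findings.add("overlap")  # the same event can match in several runs
    else:
        findings.add("unparsed")
    for action in w.get("actions", {}).values():
        hook = action.get("webhook", {})
        if "auth" in hook or "access_token=" in hook.get("path", ""):
            findings.add("secret-in-watcher")
    return sorted(findings)

def sample(later, gte, disable, action):
    """Constructed, trimmed-down watcher in the shape of the templates above."""
    time_range = {"range": {"@timestamp": {"gte": gte, "lt": "now"}}}
    return {"actions": {"a1": action}, "disable": disable,
            "input": {"search": {"request": {"body": {"query": {"bool": {"filter": [time_range]}}}}}},
            "trigger": {"schedule": {"later": later}}}

EMAIL = {"email_html": {"to": "ops@example.com"}}  # constructed address
HOOK = {"webhook": {"host": "oapi.dingtalk.com", "path": "/robot/send?access_token=PLACEHOLDER"}}
```

To lint a real watcher, load the saved JSON with json.load and pass the resulting dict to check_watcher.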
Related template content:
Sentinl monitoring & alerting examples - Jianshu
ELK alert monitoring with Sentinl: DingTalk + email alerts