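I need to create a watch in Kibana that triggers every minute, searches for specific logs within the last minute, and fires and sends an email accordingly.
sunqilove answered: Email log monitoring with Watcher and Kibana, triggered at a one-minute interval
I was able to create the following as an advanced watch: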
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-1m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||epoch_millis"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0
      }
    }
  },
  "actions": {
    "email_action": {
      "email": {
        "profile": "standard",
        "attachments": {
          "attached_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "to": [
          "myemail@gmail.com"
        ],
        "subject": "Winlog Errors Encountered {{ctx.payload.hits.total}} logs",
        "body": {
          "text": "Too many logs in the system,see attached data"
        }
      }
    }
  }
}
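
The watch above counts documents whose `@timestamp` falls in the closed interval from `scheduled_time` minus 1m to `scheduled_time`, once per minute. The following Python simulation is an added example, not part of the original answer: it replays that window over constructed events to show which are reported once, twice, or never. The document ids, timestamps, and the `indexed_at` delay model are assumptions made for illustration.

```python
from datetime import datetime, timedelta

INTERVAL = timedelta(minutes=1)  # trigger.schedule.interval = "1m"
THRESHOLD = 0                    # condition params.threshold

def run_watch(scheduled, searchable):
    """One execution: hits where scheduled-1m <= @timestamp <= scheduled (gte/lte, both inclusive)."""
    lo, hi = scheduled - INTERVAL, scheduled
    hits = [d["id"] for d in searchable if lo <= d["ts"] <= hi]
    return len(hits) > THRESHOLD, hits

def simulate(docs, first_run, runs):
    """Replay consecutive executions. Assumption: a doc is searchable once indexed_at <= run time."""
    alerts = {}
    for i in range(runs):
        t = first_run + i * INTERVAL
        fired, hits = run_watch(t, [d for d in docs if d["indexed_at"] <= t])
        if fired:
            alerts[t] = hits
    return alerts

def times_reported(docs, alerts):
    """How many alert e-mails each document contributed to."""
    return {d["id"]: sum(d["id"] in hits for hits in alerts.values()) for d in docs}

def at(hms):
    """Helper for the constructed timestamps below."""
    return datetime.strptime("2024-01-01 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed sample events (not from the page).
DOCS = [
    {"id": "a", "ts": at("12:00:30"), "indexed_at": at("12:00:31")},  # normal case
    {"id": "b", "ts": at("12:01:00"), "indexed_at": at("12:01:00")},  # exactly on a window boundary
    {"id": "c", "ts": at("12:01:20"), "indexed_at": at("12:02:40")},  # shipped 80 s late
]
START = at("12:01:00")

if __name__ == "__main__":
    alerts = simulate(DOCS, START, runs=3)
    for t, hits in alerts.items():
        print(t.time(), "alert, hits:", hits)
    print(times_reported(DOCS, alerts))
```

Event `b` is counted by two consecutive runs because both bounds are inclusive, and event `c` is never counted because it became searchable after its window had passed. Using `lt` for the upper bound removes the double count, and shifting or widening the window by the expected ingest delay covers late arrivals.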