I am setting up ElastAlert alerting with Slack.
Here is the ElastAlert rule config.
es_host: localhost
es_port: 9200
name: Slack rule
type: frequency
index: filebeat-*
num_events: 1
timeframe:
  minutes: 1
filter:
- term:
    msg: "proper name is required"
alert:
- "slack"
slack_webhook_url: "https://hooks.slack.com/services/SSDFRD/SDDDDS/XXXSDDDSDDDDDDDSS"
slack_channel_override: "#kibana"
slack_username_override: "@anand"
Error below:
ERROR:root:Error finding recent pending alerts: RequestError(400, 'search_phase_execution_exception', 'No mapping found for [alert_time] in order to sort on')
{
  "query": {
    "bool": {
      "must": {
        "query_string": {
          "query": "!_exists_:aggregate_id AND alert_sent:false"
        }
      },
      "filter": {
        "range": {
          "alert_time": {
            "from": "2020-08-25T13:33:31.764880Z",
            "to": "2020-08-27T13:33:31.764901Z"
          }
        }
      }
    }
  },
  "sort": {
    "alert_time": {
      "order": "asc"
    }
  }
}
Elasticsearch record:
{
  _index: "filebeat-log",
  _type: "doc",
  _id: "m3DVLnQBAkDXq2X4hDio",
  _score: 1,
  _source: {
    time: "2020-08-27T07:32:58.075Z",
    msg: "proper name is required",
    name: "myApp",
    v: 0,
    @timestamp: "2020-08-27T07:32:59.048Z",
    host: "AMM00361",
    pid: 5026,
    level: 50,
    hostname: "AMM00361",
    type: "myApp",
    @version: "1",
    path: "/var/log/myapp-error.log"
  }
}
After running the ElastAlert service, I do not receive any alert message in Slack.
Please share your thoughts!
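The following is an added diagnostic script, not code from the post above or from the ElastAlert project. It runs two checks a practitioner would make against the index mappings behind a rule like the one in the post, using constructed `GET /<index>/_mapping` responses: first, that the field ElastAlert sorts on (`alert_time`, the field named in the quoted 400 error) is mapped as a `date`; second, that a `term` filter with a multi-word value targets a keyword-type field rather than analyzed `text`, since Elasticsearch does not analyze a `term` value. It assumes ElastAlert keeps its alert history in a writeback index (`elastalert_status` by default) and that the mappings shown are illustrative; the index names, field types and helper functions are the example's own.

```python
"""Added example (not from the original post or the ElastAlert project).

Checks against constructed _mapping responses:
1. the sort field ``alert_time`` must exist and be a ``date``, otherwise
   Elasticsearch returns the "No mapping found ... in order to sort on" 400;
2. a ``term`` filter whose value has spaces or capitals should not target an
   analyzed ``text`` field (the value is not analyzed, the field is).

Assumption: ElastAlert stores alert history in a writeback index, by default
``elastalert_status``; the mappings below are constructed for illustration.
"""

SORT_FIELD = "alert_time"

# Constructed: a writeback index created without ElastAlert's own mapping.
WRITEBACK_BAD = {"elastalert_status": {"mappings": {
    "properties": {"alert_sent": {"type": "boolean"}}}}}

# Constructed: a writeback index carrying the fields the quoted query uses.
WRITEBACK_OK = {"elastalert_status": {"mappings": {
    "properties": {"alert_time": {"type": "date"},
                   "alert_sent": {"type": "boolean"},
                   "aggregate_id": {"type": "keyword"}}}}}

# Constructed: an event index where msg is analyzed text with a keyword sub-field.
FILEBEAT = {"filebeat-log": {"mappings": {
    "properties": {"msg": {"type": "text",
                           "fields": {"keyword": {"type": "keyword"}}},
                   "level": {"type": "long"}}}}}

# The filter from the rule in the post, as ElastAlert reads it from YAML.
RULE_FILTER = [{"term": {"msg": "proper name is required"}}]


def _flatten(props, prefix, out):
    """Recursively record {dotted_field: type}, including multi-fields."""
    for name, spec in props.items():
        full = prefix + name
        if "type" in spec:
            out[full] = spec["type"]
        for sub, subspec in spec.get("fields", {}).items():
            out[full + "." + sub] = subspec["type"]
        if "properties" in spec:  # nested object field
            _flatten(spec["properties"], full + ".", out)


def field_types(mapping_response):
    """Flatten a _mapping response into {index: {dotted_field: type}}."""
    result = {}
    for index, body in mapping_response.items():
        flat = {}
        _flatten(body.get("mappings", {}).get("properties", {}), "", flat)
        result[index] = flat
    return result


def check_sort_field(mapping_response, field=SORT_FIELD):
    """Return problems that would make a sort on ``field`` fail (empty = fine)."""
    problems = []
    for index, types in field_types(mapping_response).items():
        if field not in types:
            problems.append(f"{index}: No mapping found for [{field}] in order to sort on")
        elif types[field] != "date":
            problems.append(f"{index}: [{field}] is {types[field]}, expected date")
    return problems


def check_term_filters(mapping_response, filters):
    """Warn about term filters that target an analyzed text field with a value
    that cannot survive analysis unchanged; point at a keyword sub-field if any."""
    warnings = []
    for index, types in field_types(mapping_response).items():
        for clause in filters:
            for field, value in clause.get("term", {}).items():
                value = str(value)
                risky = " " in value or value != value.lower()
                if types.get(field) == "text" and risky:
                    alt = field + ".keyword"
                    hint = f"; use {alt}" if alt in types else ""
                    warnings.append(
                        f"{index}: term on analyzed field [{field}] will not "
                        f"match {value!r}{hint}")
    return warnings


if __name__ == "__main__":
    print(check_sort_field(WRITEBACK_BAD))   # reproduces the quoted 400
    print(check_sort_field(WRITEBACK_OK))    # []
    print(check_term_filters(FILEBEAT, RULE_FILTER))
```

Against a live cluster the same functions can be fed the JSON of `GET elastalert_status/_mapping` and `GET filebeat-*/_mapping`; a non-empty result from either check is worth resolving before looking at the Slack side, since ElastAlert queries its writeback index before it sends anything.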
No answers yet!
There are no answers yet; be the first to answer!