我正在用slack设置elastalert警报系统。
这是elastalert配置。
s_host: localhost
es_port: 9200
name: Slack rule
type: frequency
index: filebeat-*
num_events: 1
timeframe:
minutes: 1
filter:
- term:
msg: "proper name is required"
alert:
- "slack"
slack_webhook_url: "https://hooks.slack.com/services/SSDFRD/SDDDDS/XXXSDDDSDDDDDDDSS"
slack_channel_override: "#kibana"
slack_username_override: "@anand"低于错误
ERROR:root:Error finding recent pending alerts: RequestError(400, 'search_phase_execution_exception', 'No mapping found for [alert_time] in order to sort on')
{
"query":{
"bool":{
"must":{
"query_string":{
"query":"!_exists_:aggregate_id AND alert_sent:false"
}
},
"filter":{
"range":{
"alert_time":{
"from":"2020-08-25T13:33:31.764880Z",
"to":"2020-08-27T13:33:31.764901Z"
}
}
}
}
},
"sort":{
"alert_time":{
"order":"asc"
}
}
}ElasticSearch记录
{
_index: "filebeat-log",
_type: "doc",
_id: "m3DVLnQBAkDXq2X4hDio",
_score: 1,
_source: {
time: "2020-08-27T07:32:58.075Z",
msg: "proper name is required",
name: "myApp",
v: 0,
@timestamp: "2020-08-27T07:32:59.048Z",
host: "AMM00361",
pid: 5026,
level: 50,
hostname: "AMM00361",
type: "myApp",
@version: "1",
path: "/var/log/myapp-error.log"
}
}运行elastalert服务后,我无法在slack中获取警报消息。
请分享你的想法!
暂无答案!
目前还没有任何答案,快来回答吧!