
Elasticsearch Watcher 告警配置


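使用 bool 查询的 should 子句匹配错误日志中的多个条件:在 transform 的第二步 search 中配合 "minimum_should_match": 1,日志至少命中其中一个 match_phrase 才会被检索出来。下面的配置使用了 Kibana Dev Tools 的三引号(""")多行字符串写法,不是严格的 JSON,通过其他客户端提交前需要先把脚本转义成普通 JSON 字符串。注意 webhook 的 scheme 为 http,access_token 作为 URL 参数会以明文传输;示例中的 xxxx 只是占位符,真实 token 不要随配置一起公开或提交到代码仓库。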

{
  "trigger": {
    "schedule": {
      "interval": "3m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          ".watcher-history*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 500,
          "aggs": {
            "dateAgg": {
              "date_histogram": {
                "field": "@timestamp",
                "time_zone": "Asia/Shanghai",
                "interval": "1m",
                "min_doc_count": 1
              }
            }
          },
          "sort": [
            {
              "trigger_event.triggered_time": {
                "order": "desc"
              }
            }
          ],
          "_source": [
            "result.transform.chain.results.payload.hits.hits._id"
          ],
          "query": {
            "bool": {
              "must": [],
              "filter": [
                {
                  "match_all": {}
                },
                {
                  "match_phrase": {
                    "watch_id": {
                      "query": "{{ctx.watch_id}}"
                    }
                  }
                },
                {
                  "range": {
                    "trigger_event.triggered_time": {
                      "from": "{{ctx.trigger.scheduled_time}}||-3m",
                      "to": "{{ctx.trigger.triggered_time}}"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "webhook_dingding": {
      "condition": {
        "script": {
          "source": "return ctx.payload.hits.length > 0",
          "lang": "painless"
        }
      },
      "foreach": "ctx.payload.hits",
      "max_iterations": 1,
      "webhook": {
        "scheme": "http",
        "host": "10.10.0.7",
        "port": 3333,
        "method": "post",
        "path": "/robot/send",
        "params": {
          "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        },
        "headers": {
          "Content-Type": "application/json;charset=utf-8"
        },
        "body": "{{#toJson}}ctx.payload{{/toJson}}"
      }
    }
  },
  "transform": {
    "chain": [
      {
        "script": {
          "source": """
            	  List list = new ArrayList();
            	  if(ctx.payload.hits.hits == null || ctx.payload.hits.hits.length == 0){
            	    return ["ids": ""];
            	  }
            	  int i=1;
        		  for(def item : ctx.payload.hits.hits){
        		    if(item._source.result == null){
        		        continue;
        		    }
        		    if(item._source.result.transform.chain.results == null || item._source.result.transform.chain.results.length == 0){
        		        continue;
        		    }
        		  
        		    for(def last : item._source.result.transform.chain.results[0].payload.hits.hits){
        		        list.add(last._id);
        		    }
        		  }
            	  return ["ids": list.join(',')];""",
          "lang": "painless"
        }
      },
      {
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              "<test-bt-app-api-{now/d}>"
            ],
            "rest_total_hits_as_int": true,
            "body": {
              "size": 1,
              "aggs": {
                "dateAgg": {
                  "date_histogram": {
                    "field": "@timestamp",
                    "time_zone": "Asia/Shanghai",
                    "interval": "1m",
                    "min_doc_count": 2
                  }
                }
              },
              "query": {
                "bool": {
                  "must": [
                   {
                      "range": {
                        "@timestamp": {
                          "from": "{{ctx.trigger.scheduled_time}}||-2m",
                          "to": "{{ctx.trigger.triggered_time}}"
                        }
                      }
                    }
                    ],
                  "should": [
                    {
                      "match_phrase": {
                        "message": {
                          "query": "注册的返回值"
                        }
                      }
                    },
                    {
                      "match_phrase": {
                        "message": {
                          "query": "调接口的返回值"
                        }
                      }
                    }
                  ],
                  "minimum_should_match": 1,
                  "must_not": []
                }
              },
              "sort": [
                {
                  "@timestamp": "desc"
                }
              ]
            }
          }
        }
      },
      {
        "script": {
          "source": """
            	  List list = new ArrayList();
            	  if(ctx.payload.hits.hits.length == 0){
            	    return ["hits": []];
            	  }
            	  int i=1;
        		  for(def item : ctx.payload.hits.hits){
        		    def content = [
        		        "title": "【test环境】有新的错误日志(共"+ctx.payload.hits.hits.length+"条, 第"+i+"条), 请查看",
        		        "text":  "# 【test】有新的错误日志(共" + ctx.payload.hits.hits.length + "条, 第"+i+"条), 请查看"
        		        + "  
***  
"
                        + "**服务名:** " + item._source.kubernetes.container.name + "  
"
                        + "**时间:** " + item._source.timestamp + "  
"
                        + "**trace_id:** " + item._source.trace_id + "  
"
                        + "**Message:** " + item._source.message + ""
        		    ];
        		    list.add(["msgtype": "markdown", "markdown": content, "at": ["isAtAll": true]]);
        			i++;
        		  }
            	  return ["hits": list];""",
          "lang": "painless"
        }
      }
    ]
  }
}

标题:Elasticsearch Watcher 告警配置
作者:zifuy
地址:https://www.zifuy.cn/articles/2024/01/04/1704334632922.html