Input: general-purpose input template (strip the // annotations before use; JSON has no comment syntax):
[codesyntax lang=”html4strict”]
{
  "search": {
    "request": {
      "index": [
        "日志-*"
      ],
      "body": {
        "query": {
          "bool": {
            "must": [
              {
                "query_string": {
                  "query": "error", // search keyword
                  "use_dis_max": true
                }
              },
              {
                "range": {
                  "@timestamp": {
                    "gte": "now-1m", // search within the last 1 minute
                    "lte": "now",
                    "format": "epoch_millis"
                  }
                }
              }
            ],
            "must_not": []
          }
        }
      }
    }
  }
}
[/codesyntax]
Condition: set the trigger condition
[codesyntax lang=”html4strict”]
{
  "script": {
    "script": "payload.hits.total > 200" // alert when there are more than 200 errors within 1 minute
  }
}
[/codesyntax]
Action --> Body: the content of the email
[codesyntax lang=”html4strict”]
Error log alert from production APP2:
Total errors within one minute: {{payload.hits.total}}
Server: {{payload.hits.hits.0._source.host}}
Log time: {{payload.hits.hits.0._source.@timestamp}}
Related error message: {{payload.hits.hits.0._source.message}}
[/codesyntax]
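The three steps above as one offline simulation, added here as an example and not part of the original post: it applies the input's keyword and one-minute range filter to constructed log events, evaluates the > 200 condition, and renders a body with the same placeholders. The helper names, the host app2-web01, the fixed clock, and whole-token matching for the query string are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

THRESHOLD = 200  # mirrors the condition "payload.hits.total > 200"
BODY = ("Total errors within one minute: {{payload.hits.total}}\n"
        "Server: {{payload.hits.hits.0._source.host}}\n"
        "Log time: {{payload.hits.hits.0._source.@timestamp}}\n"
        "Related error message: {{payload.hits.hits.0._source.message}}")

def search(logs, now):
    """Input: events containing the token "error" with now-1m <= @timestamp <= now."""
    lo = now - timedelta(minutes=1)
    hits = [e for e in logs
            if lo <= e["@timestamp"] <= now
            and "error" in re.findall(r"\w+", e["message"].lower())]
    return {"hits": {"total": len(hits), "hits": [{"_source": e} for e in hits]}}

def lookup(obj, path):
    """Resolve a dotted path such as hits.hits.0._source.host."""
    for part in path.split("."):
        obj = obj[int(part)] if isinstance(obj, list) else obj[part]
    return obj

def run_watch(logs, now):
    """Return the rendered mail body if the condition fires, else None."""
    payload = search(logs, now)
    if not payload["hits"]["total"] > THRESHOLD:
        return None
    return re.sub(r"\{\{payload\.(.+?)\}\}",
                  lambda m: str(lookup(payload, m.group(1))), BODY)

def sample_logs(now, n_errors):
    """Constructed events: n_errors recent errors, plus noise the query must ignore."""
    def event(age_s, msg):  # host name is a constructed placeholder
        return {"@timestamp": now - timedelta(seconds=age_s),
                "host": "app2-web01", "message": msg}
    recent = [event(i % 60, f"ERROR request {i} failed") for i in range(n_errors)]
    stale = [event(120 + i, "ERROR old failure") for i in range(300)]
    info = [event(5, "INFO no errors here") for _ in range(300)]
    return recent + stale + info

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    print(run_watch(sample_logs(NOW, 200), NOW))  # exactly 200 errors: no alert
    print(run_watch(sample_logs(NOW, 201), NOW))  # 201 errors: alert body
```

Because the comparison is strict, a minute with exactly 200 matching events does not send mail; use >= in the condition if 200 itself should alert.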