关于 ELK 插件 Sentinl 最新版（Version 2.0）的使用模板

{
"actions": {
"Email_alarm_480afd92-0c2a-460c-88d3-4c3027196d2a": {
"name": "发送邮件的标题",
"throttle_period": "1",
"email": {
"priority": "medium",
"stateless": false,
"body": "邮件实际内容可以如下格式\n{{payload.hits.total}}\r\n\r\n{{payload.hits.hits.0._source.message}}\r\n{{payload.hits.hits.0._source.host}}\r\n",
"to": "邮件接收人",
"subject": "邮件的subject"
}
}
},
"input": {
"search": {
"request": {
"index": [
"elk日志名称,可以使用*号通配符"
],
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "查询的关键字",
"use_dis_max": true
}
},
{
"range": {
"@timestamp": {
"gte": "now-1m",
"lte": "now",
"format": "epoch_millis"
}
}
}
],
"must_not": [
{
"query_string": {
"query": "不匹配的内容",
"use_dis_max": true
}
},
{
"query_string": {
"query": "获取PromoteInfoEnum为null",
"use_dis_max": true
}
}
]
}
}
}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total >= 300"
}
},
"trigger": {
"schedule": {
"later": "every 5 minutes"
}
},
"disable": false,
"report": false,
"title": "监控名字",
"save_payload": false,
"spy": false,
"impersonate": false
}