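在菜单里找到 Stack Management → Watcher → 创建高级监视(以 JSON 格式设置定制监视),写入如下 JSON,然后点击测试,确认 JSON 没有问题、钉钉能收到通知即可。注意:该监视每 5 分钟执行一次,但查询的时间范围是最近 5 小时;在未配置 throttle_period 的情况下,同一批命中会在这 5 小时内反复触发通知,如非有意,应让查询窗口与执行间隔保持一致。条件使用的是"大于" threshold(1),也就是至少 2 条命中才会告警。access_token 需替换为钉钉机器人的真实 token,它等同于密钥,分享或导出监视配置前应先去除。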
{
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"cloudflare-log*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"must": {
"match": {
"cloudflare.FirewallMatchesRuleIDs": "5be2bdb0b6db4bf8afb702d476ef6fb9"
}
},
"filter": {
"range": {
"@timestamp": {
"gte": "{{ctx.trigger.scheduled_time}}||-5h",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
"lang": "painless",
"params": {
"threshold": 1
}
}
},
"actions": {
"sms_alter": {
"webhook": {
"scheme": "https",
"host": "oapi.dingtalk.com",
"port": 443,
"method": "post",
"path": "/robot/send",
"params": {
"access_token": "钉钉token"
},
"headers": {
"content-type": "application/json"
},
"body": """{"msgtype": "text","text": {"content":"触发阀值:
{{ctx.payload.hits.total}}"}}"""
}
}
}
}