Work-configuration-file/ElastAlert2规则文件/prod-flymoon-email_v2.yaml

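# ElastAlert2 frequency rule: raises a Feishu interactive-card alert when at
# least one error log line for flymoon-email_v2 is seen within 5 minutes.
name: "flymoon-email_v2产生Error行"  # Rule name (shown as the alerting service)
type: frequency
# Index pattern.
# NOTE(review): the year 2025 is hard-coded, so indices created in later years
# will not match and the rule will stop alerting without any error. Consider a
# year-agnostic pattern or use_strftime_index.
# NOTE(review): "pord01" is kept exactly as found; confirm it matches the real
# index names and is not a misspelling of "prod01".
index: "pord01-flymoonlog-pord01-fly-moon-email_v2-2025.*"
num_events: 1  # Trigger threshold: at least 1 error log line
timeframe:
  minutes: 5
# Query condition (selects error logs)
filter:
  - query:
      query_string:
        query: "message:error OR level:error"
# Fields made available to the alert.
# NOTE(review): message and stack_trace can carry sensitive data (addresses,
# tokens, internal paths); whatever the card renders leaves the logging
# platform and is stored in the chat service.
include: ["@timestamp", "message", "error_code", "stack_trace"]
# Feishu card alert configuration
alert:
  - "elastalert_modules.feishu_alert.FeishuAlerter"  # Points at the custom module
# SECURITY: this URL embeds the bot's hook token, and it is committed in
# plaintext. Anyone who can read this repository can post to the chat as this
# bot. Rotate the hook, keep the URL out of version control (inject it at
# deploy time from a secret store), and enable the bot's signature or
# IP allow-list setting if the platform offers one.
feishu_webhook_url: "https://open.feishu.cn/open-apis/bot/v2/hook/8bd6a15d-90f0-4f4f-a1b1-bd105f31ea06"
feishu_msg_type: "interactive"  # Must be "interactive" (card message)
# Custom card template.
# Comments must stay OUT of the block scalar below: inside "|" a "#" is literal
# text, not a YAML comment, so it would end up inside the JSON payload. The two
# notes that used to sit inside the template are kept here instead:
#   - header.template is the title colour; options are
#     blue/turquoise/green/yellow/orange/red/purple.
#   - the element with "tag": "hr" is a divider line.
# NOTE(review): {{_message}} and {{_error_code}} come from log content, which
# can be influenced by whoever triggers the logged error. Confirm that
# FeishuAlerter JSON-escapes substituted values; otherwise a quote or newline
# in a log line produces an invalid card (the alert is lost), and markdown in
# the log text is rendered by lark_md.
# NOTE(review): the button links to Kibana over plain HTTP on a private
# address; it only works from the internal network and the session is not
# encrypted in transit.
feishu_card_template: |
  {
    "header": {
      "title": {
        "tag": "plain_text",
        "content": "异常告警"
      },
      "template": "red"
    },
    "elements": [
      {
        "tag": "div",
        "fields": [
          {
            "is_short": true,
            "text": {
              "tag": "lark_md",
              "content": "**触发时间**: {{timeformat trigger_time}}"
            }
          },
          {
            "is_short": true,
            "text": {
              "tag": "lark_md",
              "content": "**发送时间**: {{timeformat timestamp}}"
            }
          },
          {
            "is_short": false,
            "text": {
              "tag": "lark_md",
              "content": "**告警服务**: {{rule_name}}"
            }
          },
          {
            "is_short": false,
            "text": {
              "tag": "lark_md",
              "content": "**触发时值**: {{num_hits}} 条"
            }
          }
        ]
      },
      {
        "tag": "hr"
      },
      {
        "tag": "div",
        "text": {
          "tag": "lark_md",
          "content": "**错误详情**:\n{{#hits}}- 时间: {{_@timestamp}}\n 信息: {{_message}}\n {{#_error_code}}错误码: {{_error_code}}{{/_error_code}}\n{{/hits}}"
        }
      },
      {
        "tag": "action",
        "actions": [
          {
            "tag": "button",
            "text": {
              "tag": "plain_text",
              "content": "查看日志详情"
            },
            "url": "http://192.168.60.21:5601/app/r/s/k5twq"
          }
        ]
      }
    ]
  }
# Variables passed to the template
alert_text_args:
  - trigger_time  # Trigger time (an ElastAlert2 built-in, per the original note)
  - timestamp  # Send time (an ElastAlert2 built-in, per the original note)
  - num_hits  # Trigger value (number of matching log lines)
  - rule_name  # Alerting service (the rule name)
  - hits  # Log details (the fields listed under include)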