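---
# ElastAlert 2 frequency rule: sends a Feishu interactive card when at least
# one error-level log line for the flymoon email_v2 service is seen within a
# 5-minute window.

name: "flymoon-email_v2产生Error行"  # rule name (rendered as the alerting service)
type: frequency

# Index pattern.
# NOTE(review): the pattern is pinned to "2025.*"; if the indices are
# date-suffixed, this rule will silently match nothing once they roll over to
# the next year. The "pord01" spelling is kept exactly as written -- confirm
# it matches the real index name, because a mismatch also fails silently.
index: "pord01-flymoonlog-pord01-fly-moon-email_v2-2025.*"

num_events: 1  # trigger threshold: at least one error log line
timeframe:
  minutes: 5

# Query condition (selects error logs).
filter:
  - query:
      query_string:
        query: "message:error OR level:error"

# Fields carried into the alert.
# NOTE(review): message and stack_trace are forwarded to an external chat
# service; if the application can log tokens, credentials or personal data,
# they will leave the logging platform through this rule. stack_trace is
# included here but not referenced by the card template below.
include: ["@timestamp", "message", "error_code", "stack_trace"]

# Feishu card alert configuration.
alert:
  - "elastalert_modules.feishu_alert.FeishuAlerter"  # custom alerter module

# SECURITY: the token in this URL is the only credential for the bot; anyone
# who can read this file can post into the chat. Since it is stored in
# cleartext in the rule, treat it as exposed: rotate it, keep the live value
# out of version control (inject it at deploy time), and enable the bot's
# signature verification or IP allow-list in Feishu. Whether FeishuAlerter can
# sign requests is not visible from this file -- confirm.
feishu_webhook_url: "https://open.feishu.cn/open-apis/bot/v2/hook/8bd6a15d-90f0-4f4f-a1b1-bd105f31ea06"
feishu_msg_type: "interactive"  # must be "interactive" (card message)

# Custom card template.
# Everything under "|" is a literal string, so "#" does not start a comment
# there and JSON has no comment syntax; the two notes that used to sit inside
# the template were moved here so the template is valid JSON:
#   - header.template "red" gives a red title bar
#     (options: blue/turquoise/green/yellow/orange/red/purple)
#   - the {"tag": "hr"} element is a divider line
# NOTE(review): message and error_code come from log events, which can contain
# attacker-influenced text. They are substituted into a JSON string rendered
# as lark_md, so the alerter must JSON-escape substituted values; otherwise a
# quote or newline in a log line can break the card or add markup or links to
# it. The alerter is not visible here -- confirm it escapes.
# NOTE(review): the button URL is plain HTTP to a private address; it only
# works from inside that network, and a Kibana session opened through it is
# not encrypted in transit.
feishu_card_template: |
  {
    "header": {
      "title": {
        "tag": "plain_text",
        "content": "异常告警"
      },
      "template": "red"
    },
    "elements": [
      {
        "tag": "div",
        "fields": [
          {
            "is_short": true,
            "text": {
              "tag": "lark_md",
              "content": "**触发时间**: {{timeformat trigger_time}}"
            }
          },
          {
            "is_short": true,
            "text": {
              "tag": "lark_md",
              "content": "**发送时间**: {{timeformat timestamp}}"
            }
          },
          {
            "is_short": false,
            "text": {
              "tag": "lark_md",
              "content": "**告警服务**: {{rule_name}}"
            }
          },
          {
            "is_short": false,
            "text": {
              "tag": "lark_md",
              "content": "**触发时值**: {{num_hits}} 条"
            }
          }
        ]
      },
      {
        "tag": "hr"
      },
      {
        "tag": "div",
        "text": {
          "tag": "lark_md",
          "content": "**错误详情**:\n{{#hits}}- 时间: {{_@timestamp}}\n 信息: {{_message}}\n {{#_error_code}}错误码: {{_error_code}}{{/_error_code}}\n{{/hits}}"
        }
      },
      {
        "tag": "action",
        "actions": [
          {
            "tag": "button",
            "text": {
              "tag": "plain_text",
              "content": "查看日志详情"
            },
            "url": "http://192.168.60.21:5601/app/r/s/k5twq"
          }
        ]
      }
    ]
  }

# Variables passed to the template.
# NOTE(review): the original comments call trigger_time and timestamp
# ElastAlert2 built-ins; how FeishuAlerter resolves these names is not visible
# from this file -- confirm.
alert_text_args:
  - trigger_time  # trigger time
  - timestamp  # send time
  - num_hits  # number of matching log lines
  - rule_name  # alerting service (the rule name)
  - hits  # log details (the fields listed under include)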