概述

对于Kibana的一些数据我们有时候是想要对某些字段进行持续关注的，这时候通过报警的手段就可以大幅提升对这些信息状态了解的及时性及可靠性。使用sentinl插件就可以帮助我们实现这个功能。前面已经介绍了怎么部署sentinl，所以今天主要介绍下怎么用sentinl去实现告警。

1、获取钉钉报警机器人的webhook链接

在这里可以获得webhook:

2、kibana配置sentinl

流程图如下：

2.1.在kibana界面上配置sentinl，点击右上角new创建watchers

2.2.编辑watchers

2.3.编写body

body的内容如下：

{
 "actions": {
 "Webhook_15a9214e-58a9-4d73-ae20-aa2845123": {
 "name": "Webhook",
 "throttle_period": "10s",
 "webhook": {
 "priority": "low",
 "stateless": true,
 "method": "POST",
 "host": "oapi.dingtalk.com",
 "port": "443",
 "path": "/robot/send?access_token=de5442xxx",
 "body": "{\r\n \"msgtype\": \"text\", \r\n \"text\": {\r\n \"content\": \"{{watcher.title}} \n 主机名:{{payload.hits.hits.0._source.host.name}} \n 最近一分钟异常次数:{{payload.hits.total}} \n 异常信息：{{payload.hits.hits.0._source.message}}\"\n }\r\n}",
 "params": {
 "watcher": "{{watcher.title}}",
 "payload_count": "{{payload.hits.total}}"
 },
 "headers": {
 "Content-Type": "application/json"
 },
 "auth": "",
 "message": "",
 "use_https": true
 }
 }
 },
 "input": {
 "search": {
 "request": {
 "index": [
 "fsl_prod*"
 ],
 "body": {
 "query": {
 "bool": {
 "must": [
 {
 "range": {
 "@timestamp": {
 "gte": "now-1m/m",
 "lte": "now/m",
 "format": "epoch_millis"
 }
 }
 },
 {
 "query_string": {
 "analyze_wildcard": true,
 "query": "error"
 }
 }
 ]
 }
 },
 "size": 1
 }
 }
 }
 },
 "condition": {
 "script": {
 "script": "payload.hits.total > 0"
 }
 },
 "trigger": {
 "schedule": {
 "later": "every 10 seconds"
 }
 },
 "disable": true,
 "report": false,
 "title": "Tomcat服务异常告警",
 "save_payload": false,
 "spy": false,
 "impersonate": false
}

界面展示：

3、测试

钉钉告警界面如下

觉得有用的朋友多帮忙转发哦！后面会分享更多devops和DBA方面的内容，感兴趣的朋友可以关注下~