我试图让 Logstash 在 10 分钟内收到超过 1000 个项目后才提醒我。我需要 Hipchat 和 PagerDuty 中的警报。
我的配置看起来合理,但没有按预期工作。
filter {
if my_filtering_conditional_that_is_100%_correct {
throttle {
before_count => 1000
period => 600
add_tag => ["PD"]
key => "string"
}
clone {
add_tag => ["Count"]
}
}
if "Count" in [tags] {
throttle {
before_count => 1000
period => 600
add_tag => ["HC"]
key => "string"
}
}
}
output {
if "PD" in [tags] {
pagerduty {
event_type => trigger
incident_key => "logstash/Logstash"
service_key => Pagerduty_API_key
workers => 1
description => "Alert message"
}
}
if "HC" in [tags] {
hipchat {
color => "random"
from => "Logstash"
format => "Alert message"
room_id => "Room"
token => "token"
}
}
}
使用指标过滤器可能会取得更好的成功。
filter {
my_filtering_conditional_that_is_100%_correct {
metrics {
meter => [ "events" ]
flush_interval => 600
clear_interval => 600
add_tag => "events"
}
}
}
output {
if "events" in [tags] {
if [events][count] > 1000 {
# do things
}
}
}
| 归档时间: |
|
| 查看次数: |
806 次 |
| 最近记录: |