I am creating an application, and I need to send mail for certain specific logs. This is my rule file:
es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
  hours: 4
filter:
- term:
    log_level.keyword: "ERROR"
- query:
    query_string:
      query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"
This is config.yaml
rules_folder: myrules
run_every:
  seconds: 2
buffer_time:
  seconds: 10
es_host: localhost
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
  days: 2
This is smpt_auth.yaml
alert:
- email
email:
- "<mailId>@gmail.com"
smtp_host: "smtp.gmail.com"
smtp_port: 587
smtp_ssl: true
from_addr: "<mailId>@gmail.com"
smtp_auth_file: 'D:\ELK_Info\ElastAlert\elastalert-master\smtp_auth_user.yaml'
This is smtp_auth_user.yaml
user: "<mailId>@gmail.com"
password: "<password>"
When I run this command:
python -m elastalert.elastalert --verbose …