Kibana 不发送有关新数据的警报
[英]Kibana not sending alert on new data
问题描述
I have an Alert setup on Kibana (v7.1.1) for sending an alert whenever an OutOfMemory log is encountered.
我在 Kibana (v7.1.1) 上有一个警报设置,用于在遇到 OutOfMemory 日志时发送警报。 The trigger is setup with severity 2 to send alert to a list of email with Throttle actions to only trigger every 5mins .触发器设置为严重性为 2 以将警报发送到带有Throttle actions to only trigger every 5mins的电子邮件列表, Throttle actions to only trigger every 5mins 。 This alert creates a trigger after 10 mins from the creation time and keeps sending alert until I click Acknowledge it.此警报在创建时间 10 分钟后创建一个触发器,并一直发送警报,直到我单击“ Acknowledge 。 Once I click Acknowledge the trigger is not generated ever again even though OOM logs are being generated.单击Acknowledge ,即使正在生成 OOM 日志,也不会再次生成触发器。
I want this to send alert whenever a new OOM log is encountered and stop for next 5 mins (by enabling throttling) if OOM logs still keep generating.我希望它在遇到新的 OOM 日志时发送警报,如果 OOM 日志仍在生成,则在接下来的 5 分钟内停止(通过启用节流)。 Following are the monitor details:以下是监视器的详细信息:
Monitor Name : OOM Alert监视器名称:OOM 警报
Schedule : By interval every 5mins时间表:每隔5分钟一班
Define Monitor : Define using extraction query定义监视器:使用提取查询定义
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"from": "{{period_end}}||-1d",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"boost": 1
}
}
}
],
"should": [
{
"wildcard": {
"log": {
"wildcard": "*outofmemory*",
"rewrite": "constant_score",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
}
}
1 个解决方案
解决方案1
0 2020-03-03 19:27:59
can you try to change the date filter to this:您可以尝试将日期过滤器更改为:
"range": {
"@timestamp": {
"gte": "now-16h",
"lt": "now"}}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.