stackoom
  简体   繁体   中英

How to get values from logs in alerts text message in Elasticsearch Kiban

 原文  2021-05-20 15:35:22       elasticsearch/ kibana/ alert

Question

I am continuously sending health data of my Ubuntu machine to elasticsearch using td-agent. This health data contains cpu temperature which I have to monitor. So I have created alerts in which is the temperature value increses to more than 60*F, it gives alerts on my Microsoft Teams channel. This all setup is working fine.

Below is the logs data:

{
  "_index": "health_skl_gateway",
  "_type": "_doc",
  "_id": "DwxjinkBwxSy0OQ_4rhS",
  "_version": 1,
  "_score": null,
  "_source": {
    "Data": {
      "WiFiIP": "N/A",
      "signal_strength": "N/A",
      "signal_percent": 0,
      "signal_level": "N/A",
      "EthIP": "192.168.100.30 ",
      "TotalDisk": "916G",
      "UsedDisk": "40G",
      "FreeDisk": "830G",
      "DiskPercent": "5%",
      "TotalRAM": "16312468",
      "UsedRAM": "3735596",
      "FreeRAM": "5866548",
      "CPU": 27,
      "cpu_temp": 57,
      "Internet": true,
      "Publish msg count": 442,
      "Created": "2021-05-20T15:26:51.557564",
      "DeviceId": "TX-G1-318",
      "UpTime": "2021-05-19T07:13:05"
    },
    "hostname": "TX-G1-318",
    "Version": "V2"
  },
  "fields": {
    "Data.UpTime": [
      "2021-05-19T07:13:05.000Z"
    ],
    "Data.Created": [
      "2021-05-20T15:26:51.557Z"
    ]
  },
  "sort": [
    1621524411557
  ]
}

In alerting of Kibana, I have set alerts in which if the count is 3, of all documents of index health_skl_gateway , for last 10 minutes , where Data.cpu_temp is greater than 60 , it generates alerts to Microsoft Teams channel. Now below is how I have configured the message which is sent to Microsoft teams

在此处输入图像描述

So in the message, I am just sending the static text message. But I want to send the actual Data.cpu_temp value in the messsage.

Is this possible. How can we do this? Thanks

1 answers

solution1
 0  2021-05-20 18:30:43

Did you try using double braces? Like this . I guess mapping is done in the same way for all alert types.

In the server monitoring example, the email action type is used, and server is mapped to the body of the email, using the template string CPU on {{server}} is high.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Elasticsearch get unique values from a text value How to get the analyzed text from the elasticsearch database How to send logs from serilog file into elasticsearch How to copy elasticsearch indices or logs from one elasticsearch server to another? How to gather logs to Elasticsearch get data from elasticsearch, mysql, google analytics, logs, and create statistic How to get exact text match from elasticsearch if the query is between quotes How to get more than 10K logs/results in Elasticsearch Extracting and aggregating text values from a field with Elasticsearch Need to know for how long a node was up from logs in Elasticsearch
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM