Elastalert plugin installation
Reference: https://elastalert.readthedocs.io/en/latest/running_elastalert.html
Install pip
$ wget https://bootstrap.pypa.io/get-pip.py
$ python get-pip.py
Install the required Python modules
$ pip install "setuptools>=11.3"
$ python setup.py install
Install via git or via pip
$ cd /usr/local/
$ git clone https://github.com/Yelp/elastalert.git
Elasticsearch 6.3:
$ pip install "elasticsearch>=6.3.1"
創(chuàng)建索引:
$ /usr/local/elastalert master elastalert-create-index
Elastic Version:6
Mapping used for string:{'type': 'keyword'}
Index elastalert_status already exists. Skipping index creation.
Here you can see the index already exists; list the indices to confirm:
curl 'localhost:9200/_cat/indices?v'
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open elastalert_status fR_R5bOGSqCFS6ezK2RMNA 5 1 0 0 1.2kb 1.2kb
An error appeared:
yaml.parser.ParserError: while parsing a block mapping
in "example_rules/example_frequency.yaml", line 20, column 1
did not find expected key
in "example_rules/example_frequency.yaml", line 46, column 2
This is because the SMTP configuration added to example_frequency.yaml has leading spaces in front of it; always pay attention to whitespace in YAML!
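The indentation slip above can be caught before ElastAlert loads the rule. The following is an added example, not code from the original post or from ElastAlert: a small lint that flags a key indented deeper than the line before it when that line did not open a nested block, which is exactly what produces "did not find expected key" at column 2. The rule text is constructed to reproduce the SMTP mistake; the key names are the standard ElastAlert ones but the values are placeholders.

```python
"""Lint an ElastAlert rule file for the indentation slip behind
'did not find expected key' (a key indented deeper than its siblings
with no parent key opening a nested block). Added example, not part of
ElastAlert; the rule text below is constructed."""
import re

# Constructed: an SMTP block pasted into example_frequency.yaml with a stray leading space.
BAD_RULE = """\
name: Example frequency rule
type: frequency
index: logstash-*
num_events: 50
timeframe:
  hours: 4
filter:
- term:
    some_field: "some_value"
alert:
- "email"
 smtp_host: smtp.example.com
 smtp_port: 587
email:
- "elastalert@example.com"
"""
GOOD_RULE = BAD_RULE.replace("\n smtp_", "\nsmtp_")  # the fix: drop the leading spaces

def _opens_block(stripped):
    """True if a line may legitimately be followed by a deeper-indented line."""
    body = stripped.split(" #", 1)[0].rstrip()  # drop a trailing comment
    return body.endswith((":", "|", ">")) or body == "-"

def find_misindented_keys(text):
    """Return [(line_number, key)] for lines whose indentation increased
    although the previous line did not open a nested block. Heuristic:
    it does not understand multi-line scalars or flow ({...}/[...]) syntax."""
    problems = []
    prev_indent, prev_opens = 0, True
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent > prev_indent and not prev_opens:
            m = re.match(r"-?\s*([^:\s]+)\s*:", stripped)
            problems.append((lineno, m.group(1) if m else stripped))
        prev_indent, prev_opens = indent, _opens_block(stripped)
    return problems

if __name__ == "__main__":
    for lineno, key in find_misindented_keys(BAD_RULE):
        print(f"line {lineno}: '{key}' is indented but has no parent key")
```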