Elasticsearch JIRA Alert and Email Notification using ElastAlert Library
In this post, I will give you a sample of how to create alerts and notifications on top of Elasticsearch using the ElastAlert library (an open-source library from Yelp, https://github.com/Yelp/elastalert).
Requirements:
Python 2.6/2.7
pip
Step 1: clone the ElastAlert library
git clone https://github.com/Yelp/elastalert.git
Step 2: python setup.py install (run from the cloned elastalert folder)
Step 3: pip install -r requirements.txt
Step 4: Now start Elasticsearch and run the command below from the ElastAlert library folder
elastalert-create-index
This will create an index called "elastalert_status" in Elasticsearch, where all sent alerts and debugging information are stored.
Step 5: Make sure your config.yaml file is properly configured with your Elasticsearch host and port and with the rules folder where all your alert rule files are located
Step 6: Now you can write your own rule file in your rules folder
A sample email alert rule file is shown below; it sends an email notification whenever the specified event (a document with y=50) occurs at least 3 times within an hour
# Alert when the rate of events exceeds a threshold
# (Optional)
# Elasticsearch host
es_host: localhost
# (Optional)
# Elasticsearch port
es_port: 9200
# (Optional) Connect with SSL to elasticsearch
#use_ssl: True
# (Optional) basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword
# (Required)
# Rule name, must be unique
name: Example rule
# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur within timeframe
type: frequency
# (Required)
# Index to search, wildcard supported
index: logstash-*
# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 3
# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1
# (Required)
# A list of elasticsearch filters used to find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- term:
    y: 50
# (Required)
# The alerts to use when a match is found
alert:
- "email"
# (required, email specific)
# a list of email addresses to send alerts to
email:
- "sendto@abc.com"
smtp_host: HOST URL
smtp_port: PORT NO.
from_addr: "xyz@abc.com"
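To make the frequency semantics of this rule concrete, here is an added Python example (not ElastAlert's own code) that models how a frequency rule with num_events: 3, a one-hour timeframe and the term filter y: 50 behaves on a constructed stream of documents; the sliding-window logic and the sample events are this post's illustration of the rule type, not ElastAlert internals.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed rule mirroring the post's frequency rule (only the fields the
# matching logic needs; email/smtp settings play no part in matching).
RULE = {
    "name": "Example rule",
    "type": "frequency",
    "num_events": 3,
    "timeframe": timedelta(hours=1),
    "filter": [{"term": {"y": 50}}],
}

def matches_filter(doc, filters):
    """Filters are ANDed, as in ElastAlert; only the 'term' filter is modelled."""
    for f in filters:
        for field, value in f["term"].items():
            if doc.get(field) != value:
                return False
    return True

def frequency_alerts(rule, docs):
    """Return the timestamps at which the frequency rule would fire.

    docs are (timestamp, document) pairs in time order. A sliding window keeps
    only matching events no older than `timeframe`; once it holds num_events
    matches an alert fires and the window is cleared, so one burst of events
    yields one alert rather than one per additional match.
    """
    window = deque()
    alerts = []
    for ts, doc in docs:
        if not matches_filter(doc, rule["filter"]):
            continue
        window.append(ts)
        while window and ts - window[0] > rule["timeframe"]:
            window.popleft()          # drop matches that aged out of the hour
        if len(window) >= rule["num_events"]:
            alerts.append(ts)
            window.clear()
    return alerts

# Constructed sample events (not real log data).
T0 = datetime(2016, 7, 1, 10, 0, 0)
SAMPLE_DOCS = [
    (T0, {"y": 50}),
    (T0 + timedelta(minutes=10), {"y": 51}),   # fails the term filter, ignored
    (T0 + timedelta(minutes=20), {"y": 50}),
    (T0 + timedelta(minutes=30), {"y": 50}),   # third match within an hour: alert
    (T0 + timedelta(minutes=90), {"y": 50}),   # spaced-out matches below...
    (T0 + timedelta(minutes=100), {"y": 50}),
    (T0 + timedelta(minutes=170), {"y": 50}),  # ...never reach 3 in one hour
]

if __name__ == "__main__":
    for when in frequency_alerts(RULE, SAMPLE_DOCS):
        print("%s rule '%s' fired at %s" % (RULE["type"], RULE["name"], when))
```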
Step 7: We can check whether the rule we wrote is syntactically correct using the commands below; the first tests the rule, the second runs ElastAlert in verbose mode with only that rule
elastalert-test-rule my_rules/email_rule.yaml
python -m elastalert.elastalert --verbose --rule my_rules/email_rule.yaml
For more detailed information, refer to the source documentation: http://elastalert.readthedocs.io/en/latest/
(Note: While creating a JIRA alert, set the jira_project property to the short name of the project; see http://stackoverflow.com/questions/38447519/http400-project-is-required-error-while-creating-jira-alert-using-yelp-elasta/38516278#38516278 and https://github.com/Yelp/elastalert/issues/641)