Skip to content

zeeshan-siddiquie/elastalert-tutorial

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
configurations
configurations
 
 
pre-requisites
pre-requisites
 
 
rules
rules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Alerting with Elastalert


This will get you started with Alerting using Yelp's alternative to the alerting feature of X-Pack from Elastic.

Repository structure

  • configurations

    • config.yaml - configurations file for elastalert
    • smtp_auth_file.yaml - authentication file for alerting via email
    • zdaemon.conf - configuration file for runneing elastalert as a daemon using zdaemon

  • rules - contains sample configurations rules to alert on CPU, memory and disk usage

  • requirements.txt - required python dependencies


1. Requirements

  • Elasticsearch

  • ISO8601 or Unix timestamped data

  • Python 2.7


2. Installation

If you're using Anaconda, do the following:

  • Create a new conda environment: conda create --name <name> python=2.7 -y.

  • Switch to the created environment: source activate <name>.

  • Install pip in the same environment: conda install pip. This is needed because most of the Elasalert package dependencies are not present in the Continuum channels.

Refer https://goo.gl/7QUSo2 for details on sharing a Conda environment. <br/ >

Installing Elastalert

  • Execute pip install -r requirements.txt to install the dependencies.

  • Finally, run pip install elastalert.


3. Getting started

  • Create an index for ElastAlert to write to by running elastalert-create-index and follow the input prompts.

  • Clone the Elastalert repo: git clone https://github.com/yelp/elastalert.

  • Navigate to the cloned repo and create config.yaml file with these settings:

rules_folder: alert_rules
run_every:
  seconds: 10
buffer_time:
  seconds: 10
#es_username: <username>
#es_password: <password>
es_host: localhost
es_port: 9200
alert_time_limit:
  days: 1
  • Create a directory called alert_rules. Navigate to it and create your yaml rule files in the same folder.

4. Running Elastalert

Testing a rule

  • elastalert-test-rule alert_rules/<your_rule_name>.yaml.

Running a single rule

  • python -m elastalert.elastalert --verbose --rule <your_rule_name>.yaml.

Running multiple rules

  • python -m elastalert.elastalert --verbose --config config.yaml

This will load all the rules present in the alert_rules directory.

5. Running Elastalert as a daemon

  • Install zdaemon: pip install zdaemon. (https://goo.gl/FCww8S)

  • Create a zdaemon.conf file with these contents:

<runner>
  program python -m elastalert.elastalert --conf config.yaml
  socket-name /tmp/elastalert.zdsock
  forever true
</runner>

  • To start Elastalert, execute: zdaemon -C zdaemon.conf start.

  • To stop Elastalert, execute: zdaemon -C zdaemon.conf stop.


6. Additional configurations

  • Alerting via Email

    • In the yaml file of the specific rule, append the following:
      alert:
  - email
  email: 
  	- "<email-to-which-the-alert-will-be-sent>"
  smtp_host: "smtp.gmail.com" #for google email addresses
  smtp_port: 465 #for google email addresses
  smtp_ssl: true
  from_addr: "<email-from-which-the-alert-will-be-sent>"
  smtp_auth_file: "<name-of-the-authentication-file>.yaml"
    • Contents of the smtp_auth_file.yaml include user and password fields:
      user: "<email-address>"
  password: "<password>"

  • Alerting via Slack

    • In the yaml file of the specific rule, append the following:
      alert:
   - slack
  slack_webhook_url: "<webhook-url-of-the-slack-channel>"
  slack_channel_override: "#<channel-name>"
  slack_username_override: "@<user-name>"

License

MIT

About

Get started with Elastalert from Yelp

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published