监控指定时间内502日志超过阈值的微信报警
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#Author: gaogd
import weixin_alter as weixin
from elasticsearch import Elasticsearch
import json,time ,datetime
# Today's date in local time, formatted the way the daily index name expects.
# NOTE(review): Logstash names daily indices by UTC date by default, while this
# uses local time -- confirm the two agree, otherwise runs close to midnight
# may query an index that does not hold the most recent events.
now_day = time.strftime('%Y.%m.%d')

# Client for the log cluster. No credentials or TLS options are passed here,
# so access control depends entirely on who can reach this host and port on
# the network.
es = Elasticsearch([{'host': '172.3.11.179', 'port': 9200}])

# Daily nginx access-log index that the alert query runs against.
index = 'logstash-nginx_access-{0}'.format(now_day)
# Elasticsearch request body: count access-log entries with status 502 whose
# @timestamp lies within the last 15 minutes.
status_is_502 = {"term": {"status": "502"}}
within_last_15_minutes = {
    "range": {"@timestamp": {"gt": "now-15m", "lt": "now"}},
}

body = {
    # Both conditions sit in the bool "filter" list, so a hit must satisfy
    # the status term and the time range together.
    "query": {"bool": {"filter": [status_is_502, within_last_15_minutes]}},
    # Buckets the matches by params.source. The rest of this script only reads
    # hits.total, so the buckets are returned but not used.
    "aggs": {"group_by_source": {"terms": {"field": "params.source"}}},
    # size 0: no documents are returned, only the total and the aggregation.
    "size": 0,
}
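# --- Alert decision ---------------------------------------------------------
# The state file holds a single integer:
#   0      no alert is active
#   1..14  an alert is active; the value counts runs since the last notification
#   >= 15  the next over-threshold run notifies again and resets the value to 1
# The path is relative to the working directory, so a scheduler that starts
# the script from a different directory reads a different (or missing) file,
# and anyone able to write that directory can suppress or trigger
# notifications by editing it.
ALERT_STATE_FILE = './alter'
ERROR_THRESHOLD = 20
RENOTIFY_AFTER_RUNS = 15


def _total_hits(response):
    """Return the total hit count of a search response as an int.

    Elasticsearch 7 and later report hits.total as an object with a "value"
    key; earlier versions report a bare number. Both shapes are accepted.
    """
    total = response['hits']['total']
    if isinstance(total, dict):
        total = total['value']
    return int(total)


def _read_alert_state(path):
    """Return the counter stored in *path*, or 0 if it is missing or invalid.

    Falling back to 0 ("no alert active") means a lost or damaged state file
    leads to a fresh notification rather than a crash or a silenced alert.
    """
    try:
        with open(path, 'r') as state_file:
            raw = state_file.read().strip()
    except IOError:
        return 0
    try:
        return int(raw)
    except ValueError:
        return 0


def _write_alert_state(path, value):
    """Overwrite the state file with *value*."""
    with open(path, 'w') as state_file:
        state_file.write(str(value))


def _notify(content):
    """Send *content* (unicode) through the WeChat helper module."""
    # Under Python 2, str() on a unicode object holding non-ASCII text raises
    # UnicodeEncodeError with the default ASCII codec, so encode explicitly.
    # Assumes WeixinSend accepts a UTF-8 byte string, as the original str()
    # call implies -- confirm against weixin_alter.
    weixin.WeixinSend(content.encode('utf-8'))


def _log(text):
    """Print *text* (unicode) as UTF-8 bytes."""
    # Python 2 encodes unicode as ASCII when stdout is not a terminal (cron,
    # pipes) and would raise on the Chinese text; encoding first avoids that.
    print(text.encode('utf-8'))


res = es.search(index=index, body=body)
num = _total_hits(res)
runs_since_alert = _read_alert_state(ALERT_STATE_FILE)

# NOTE(review): the messages below say "1 minute" while the query in `body`
# filters on now-15m -- confirm which window is intended.
if num > ERROR_THRESHOLD:
    if runs_since_alert <= 0 or runs_since_alert >= RENOTIFY_AFTER_RUNS:
        # New alert, or the re-notification interval has elapsed. Notify
        # first and persist state only after that succeeded, so a failed send
        # is retried on the next run; logging comes last so that a logging
        # problem cannot block the notification.
        content = u'502告警!!! \n最近1分钟内前端日志出现502错误\n一分钟内有: %s 次' % (num)
        _notify(content)
        _write_alert_state(ALERT_STATE_FILE, 1)
        _log(u'502告警! 最近1分钟内日志出现502 错误的有: %s 次\n %s' % (num, datetime.datetime.now()))
    else:
        # Alert already sent recently: only advance the run counter.
        runs_since_alert += 1
        _write_alert_state(ALERT_STATE_FILE, runs_since_alert)
        print('----------> %s' % runs_since_alert)
else:
    was_alerting = runs_since_alert > 0
    if was_alerting:
        content = u'502告警恢复!!!\n 日志502错误已经恢复 最近1分钟内日志出现502 错误少于20次\n现在错误次数为: %s 次' % num
        _notify(content)
    # Written unconditionally so that the state file exists after a first run.
    _write_alert_state(ALERT_STATE_FILE, 0)
    if was_alerting:
        _log(u'502告警恢复!\n日志502错误已经恢复\n最近1分钟内日志出现502 错误少于20次\n现在错误次数为: %s 次\n %s' % (num, datetime.datetime.now()))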