1

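I am trying to insert alerts from bosun into elasticsearch, but I don't know how to fill the variable $timestamp with the current time (see my example). Can I use a function in bosun.conf? I would like something like now(). Can anyone help me?

Here is an excerpt of the example config: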

macro m1
{
    $timestamp = **???**
}
notification http_crit
{
    macro = m1
    post =  http://xxxxxxx:9200/alerts/http/
    body = {"@timestamp":$timestamp,"level":"critical","alert_name":"my_alert"}
    next = http_crit
    timeout = 1m
}
alert http
{
    template = elastic
    $testHTTP = lscount("logstash", "", "_type:stat_http,http_response:200", "1m", "5m", "")
    $testAvgHTTP  = avg($testHTTP)
    crit = $testAvgHTTP < 100
    critNotification = http_crit
}
4

1 Answer

0

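We use .State.Touched.Format, which was recently renamed to .Last.Time.Format in the master branch. The format string is a go time format, and you'll have to get it to print the correct format that elastic is expecting.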

template elastic {
    subject = `Time: {{.State.Touched.Format "15:04:05UTC"}}`
}
//Changed on 2016 Feb 01 to
template elastic {
    subject = `Time: {{.Last.Time.Format "15:04:05UTC"}}`
}

What it looks like when rendered:

Time: 01:30:13UTC

answered 2016-02-05T17:27:31.757
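
As an added example (not code from the answer or from bosun), the Go program below renders the question's JSON body with the .Last.Time.Format call from the answer, using an RFC 3339 layout that Elasticsearch's default date mapping accepts. The alertCtx and event types are hypothetical stand-ins for the template context, and the sample time is constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
	"time"
)

// event and alertCtx are hypothetical stand-ins for the template context;
// only the .Last.Time field path from the answer is mirrored here.
type event struct{ Time time.Time }
type alertCtx struct{ Last event }

// bodyTmpl builds the notification body. The layout is Go's reference time
// (Mon Jan 2 15:04:05 MST 2006) written in RFC 3339 form. .UTC is called
// first because a bare "Z" or "UTC" in a layout is printed literally and
// does not convert the time. The value is quoted so the body is valid JSON.
const bodyTmpl = `{"@timestamp":"{{.Last.Time.UTC.Format "2006-01-02T15:04:05Z"}}","level":"critical","alert_name":"my_alert"}`

// renderBody executes the template and verifies the result parses as JSON.
func renderBody(t time.Time) (string, error) {
	tmpl, err := template.New("body").Parse(bodyTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, alertCtx{Last: event{Time: t}}); err != nil {
		return "", err
	}
	if !json.Valid(buf.Bytes()) {
		return "", fmt.Errorf("rendered body is not valid JSON: %s", buf.String())
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample: 02:30:13 at UTC+1, which is 01:30:13 UTC.
	t := time.Date(2016, 2, 5, 2, 30, 13, 0, time.FixedZone("CET", 3600))
	body, err := renderBody(t)
	if err != nil {
		panic(err)
	}
	fmt.Println(body)
}
```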