Get started with Elastalert from Yelp
Configurations
rules - sample rule configurations that alert on CPU, memory and disk usage
requirements.txt - required Python dependencies
Prerequisites
Elasticsearch, reachable from the host that will run ElastAlert
Data with ISO8601 or Unix timestamps (ElastAlert queries by time window, so every document needs a parseable timestamp field)
Python 2.7
If you're using Anaconda, do the following:
1. Create a new conda environment: conda create --name <name> python=2.7 -y
2. Switch to the created environment: source activate <name>
3. Install pip in the same environment: conda install pip. This is needed because most of the ElastAlert package dependencies are not present in the Continuum channels. Refer to https://goo.gl/7QUSo2 for details on sharing a Conda environment.
4. Execute pip install -r requirements.txt to install the dependencies.
5. Finally, run pip install elastalert
Create the index that ElastAlert writes its state (past alerts, silences, errors) to by running elastalert-create-index and following the input prompts. Elasticsearch must be reachable at this point.
Clone the ElastAlert repo: git clone https://github.com/yelp/elastalert
Navigate to the cloned repo and create a config.yaml file with these settings (rules_folder must point at the directory that holds your rule files):
rules_folder: alert_rules
run_every:
  seconds: 10
buffer_time:
  seconds: 10
#es_username: <username>
#es_password: <password>
es_host: localhost
es_port: 9200
alert_time_limit:
  days: 1
run_every is how often ElastAlert queries Elasticsearch and buffer_time is how far back each query looks; keep buffer_time at least as large as the delay with which your data reaches Elasticsearch, otherwise late-arriving documents fall outside the window and are never matched. alert_time_limit is how long ElastAlert keeps retrying an alert that failed to send. If Elasticsearch requires authentication, uncomment es_username and es_password; config.yaml then holds credentials, so keep it out of version control and readable only by the account that runs ElastAlert. When es_host is not localhost, also set use_ssl: true (and verify_certs: true) so credentials and alert data do not cross the network in cleartext.
Test a rule against live data without sending any alerts: elastalert-test-rule alert_rules/<your_rule_name>.yaml
Run a single rule with debug output: python -m elastalert.elastalert --verbose --rule <your_rule_name>.yaml
Run every rule: python -m elastalert.elastalert --verbose --config config.yaml
This will load all the rules present in the alert_rules directory.
To keep ElastAlert running in the background, install zdaemon: pip install zdaemon (see https://goo.gl/FCww8S).
Create a zdaemon.conf file with these contents:
<runner>
  program python -m elastalert.elastalert --config config.yaml
  socket-name /tmp/elastalert.zdsock
  forever true
</runner>
zdaemon accepts its control commands over this Unix socket, so on a shared host put it in a directory that only the account running ElastAlert can write to rather than /tmp.
To start ElastAlert, execute: zdaemon -C zdaemon.conf start
To stop ElastAlert, execute: zdaemon -C zdaemon.conf stop
Alerting via Email
Add these settings to the rule file:
alert:
- email
email:
- "<email-to-which-the-alert-will-be-sent>"
smtp_host: "smtp.gmail.com" # for Google email addresses
smtp_port: 465 # for Google email addresses
smtp_ssl: true
from_addr: "<email-from-which-the-alert-will-be-sent>"
smtp_auth_file: "<name-of-the-authentication-file>.yaml"
The SMTP credentials do not go in the rule itself. Put them in the YAML file named by smtp_auth_file, which contains only these two keys:
user: "<email-address>"
password: "<password>"
Keep that file out of version control and readable only by the account that runs ElastAlert (for example chmod 600).
Alerting via Slack
alert:
- slack
slack_webhook_url: "<webhook-url-of-the-slack-channel>"
slack_channel_override: "#<channel-name>"
slack_username_override: "<display-name>"
The webhook URL is a bearer secret: anyone who holds it can post into the channel, so treat any rule file that contains it like a credential file and keep it out of public repositories. slack_channel_override sends the message to a channel other than the webhook's default, and slack_username_override sets the name the message is posted under (it is not a user to mention).
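To show how the email and Slack settings above fit into a complete rule, here is an added example rule file; it is not one of the rules shipped in this repository. It is a frequency rule that fires when three documents with high CPU usage arrive within five minutes and sends the alert through both alerters. The index pattern (metrics-*), the document field (cpu_percent), the threshold, the addresses, the file paths and the webhook placeholder are all assumptions chosen for illustration; the ElastAlert option names are the real ones.

```yaml
# alert_rules/high_cpu.yaml (added example; index, field, addresses and paths are assumed)
name: High CPU usage
type: frequency                 # alert when num_events matching documents occur within timeframe
index: metrics-*                # assumed index pattern
timestamp_field: "@timestamp"   # must hold ISO8601 timestamps (set timestamp_type: unix for epoch values)

# Match only documents whose (assumed) cpu_percent field is at or above 90.
filter:
- range:
    cpu_percent:
      gte: 90

num_events: 3
timeframe:
  minutes: 5

# Suppress repeats of this alert for 30 minutes so a sustained spike does not flood the channel.
realert:
  minutes: 30

# One rule can drive several alerters; each one reads its own settings below.
alert:
- email
- slack

# Email settings (Gmail values from the section above)
email:
- "oncall@example.com"
smtp_host: "smtp.gmail.com"
smtp_port: 465
smtp_ssl: true
from_addr: "elastalert@example.com"
smtp_auth_file: "/etc/elastalert/smtp_auth.yaml"   # holds user/password; mode 600, not in git

# Slack settings
slack_webhook_url: "https://hooks.slack.com/services/XXX/YYY/ZZZ"   # placeholder; the real URL is a secret
slack_channel_override: "#alerts"
slack_username_override: "elastalert"
```

Check it with elastalert-test-rule alert_rules/high_cpu.yaml before enabling it; the test run reports how many documents matched without sending email or posting to Slack. The smtp_auth.yaml file referenced above contains only the user and password keys shown in the email section.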