配置之后查询不到数据

[llnbe]

DEBU[2024-03-11 16:00:22] rules: rules/nginx.rule.yaml index: nginx-access-log-* dsl: {"query":{"bool":{"must":[{"query_string":{"query":"status:404"}},{"range":{"@timestamp":{"format":"strict_date_optional_time","gte":"2024-03-11T15:50:22.160+08:00","lte":"2024-03-11T16:00:22.160+08:00"}}}]}}} hits_num: 0

我的配置文件： exporter: enabled: true listen_addr: ":9003" loader: type: "FileLoader" config: rules_folder: "rules" rules_folder_recursion: false alert: alertmanager: url: "http://192.168.1.10:9093/api/v2/alerts" basic_auth: username: "" password: "" generator: base_url: "http://192.168.1.10:9003/alert/message" expire: days: 1 redis: addr: "10.143.254.209" port: 6379 password: "passwprd" db: 0 run_every: seconds: 10 buffer_time: minutes: 10 alert_time_limit: minutes: 10 max_scrolling_count: 5

nginx.rule.yaml unique_id: "NginxErrorLog" enabled: true es: addresses:

• "http://192.168.10.10:9200" username: "test" password: "test" conn_timeout: 300 version: "v7" index: "nginx-access-log-*" run_every: seconds: 5 query: type: "frequency" query_string: 'status:404' config: timeframe: minutes: 3 num_events: 2 labels: alertname: "NginxErrorLog" instance: "localhost" severity: "warning" for_time: "2min" threshold: "3" annotations: description: "Nginx error日志条数 {{ .value }} > {{ .threshold }}" summary: "Nginx错误日志告警"

[dream-mo]

DEBU[2024-03-11 16:00:22] rules: rules/nginx.rule.yaml index: nginx-access-log-* dsl: {"query":{"bool":{"must":[{"query_string":{"query":"status:404"}},{"range":{"@timestamp":{"format":"strict_date_optional_time","gte":"2024-03-11T15:50:22.160+08:00","lte":"2024-03-11T16:00:22.160+08:00"}}}]}}} hits_num: 0

我的配置文件： exporter: enabled: true listen_addr: ":9003" loader: type: "FileLoader" config: rules_folder: "rules" rules_folder_recursion: false alert: alertmanager: url: "http://192.168.1.10:9093/api/v2/alerts" basic_auth: username: "" password: "" generator: base_url: "http://192.168.1.10:9003/alert/message" expire: days: 1 redis: addr: "10.143.254.209" port: 6379 password: "passwprd" db: 0 run_every: seconds: 10 buffer_time: minutes: 10 alert_time_limit: minutes: 10 max_scrolling_count: 5

nginx.rule.yaml unique_id: "NginxErrorLog" enabled: true es: addresses: - "http://192.168.10.10:9200" username: "test" password: "test" conn_timeout: 300 version: "v7" index: "nginx-access-log-*" run_every: seconds: 5 query: type: "frequency" query_string: 'status:404' config: timeframe: minutes: 3 num_events: 2 labels: alertname: "NginxErrorLog" instance: "localhost" severity: "warning" for_time: "2min" threshold: "3" annotations: description: "Nginx error日志条数 {{ .value }} > {{ .threshold }}" summary: "Nginx错误日志告警"

将es的查询语句放到kibana执行，看下是否有结果。有可能你的查询条件本身就没查到数据，和告警组件没关系