odfe-monitor-cli enables you to manage and organize Elasticsearch Alerting monitors through YAML files.
Excellent question. So many reasons:
From source:
$ go get github.com/mihirsoni/odfe-monitor-cli/
From binary to ./bin/odfe-monitor-cli:
$ curl -sfL https://raw.githubusercontent.com/mihirsoni/odfe-monitor-cli/master/godownloader.sh | bash
From binary to /usr/local/bin/odfe-monitor-cli:
$ curl -sfL https://raw.githubusercontent.com/mihirsoni/odfe-monitor-cli/master/godownloader.sh | bash -s -- -b /usr/local/bin
Currently, this CLI does not manage destinations; this will be supported in upcoming versions. For now, after installing, you can run the following command to sync your destinations.
odfe-monitor-cli sync --destinations
This command creates an auto-generated destinations file with names and destinationId, so that they are easy to refer to inside monitors.
odfe-monitor-cli sync --monitors
This command creates monitors.yaml and writes remote monitors to local files, so you can start managing your monitors.
odfe-monitor-cli diff
This command shows the difference between remote and local monitors.
Publish local monitors to remote Elasticsearch cluster:
odfe-monitor-cli -e https://localhost:9200 -u admin -p admin -r your/yaml/files/ push --submit
--submit flag is added. This flag could override your changes if you edited an existing monitor in Kibana (or by any other way).
--delete along with --submit to delete all untracked monitors. Be careful: this can't be undone.

Sample monitor
- name: 'Sample Alerting monitor'
  type: 'monitor'
  schedule:
    period:
      interval: 10
      unit: MINUTES
  enabled: true
  inputs:
    - search:
        indices:
          - log*
        query: # This block should be a valid Elasticsearch query
          size: 0
          query:
            match_all:
              boost: 1.0
  triggers:
    - name: '500'
      severity: '2'
      condition: | # This is how you can create multiline strings
        // Performs some crude custom scoring and returns true if that score exceeds a certain value
        int score = 0;
        for (int i = 0; i < ctx.results[0].hits.hits.length; i++) {
          // Weighs 500 errors 10 times as heavily as 503 errors
          if (ctx.results[0].hits.hits[i]._source.http_status_code == "500") {
            score += 10;
          } else if (ctx.results[0].hits.hits[i]._source.http_status_code == "503") {
            score += 1;
          }
        }
        if (score > 99) {
          return true;
        } else {
          return false;
        }
      actions:
        - name: Sample Action
          destinationId: test_my_destination # This destination should be available in the destinations.yaml file, otherwise it will throw an error.
          subject: 'There is an error'
          message: |
            Monitor {{ctx.monitor.name}} just entered an alert state. Please investigate the issue.
            - Trigger: {{ctx.trigger.name}}
            - Severity: {{ctx.trigger.severity}}
            - Period start: {{ctx.periodStart}}
            - Period end: {{ctx.periodEnd}}
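
The sample monitor notes that each destinationId must be available in the destinations file. The pre-push check below is an added example, not part of odfe-monitor-cli: it lists every destinationId that monitor files reference but the destinations file does not define. It assumes destinations.yaml holds one `name: destinationId` pair per line and sits in the same directory as the monitor files; the function names and `pager_destination` are hypothetical.

```shell
# Added example, not part of odfe-monitor-cli.
# Assumption: destinations.yaml holds one "name: destinationId" pair per line.

# Print every destinationId value used in monitor YAML files under directory $1.
referenced_destinations() {
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
        ! -name 'destinations.y*ml' -exec cat {} + |
        sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*destinationId:[[:space:]]*//p' |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//" |
        sort -u
}

# Print the destination names defined in file $1.
defined_destinations() {
    sed -n 's/^\([^#[:space:]][^:]*\):.*$/\1/p' "$1" | sort -u
}

# Print names that monitors reference but $2 does not define; return 1 if any.
missing_destinations() {
    refs=$(mktemp) && defs=$(mktemp) || return 2
    referenced_destinations "$1" > "$refs"
    defined_destinations "$2" > "$defs"
    missing=$(comm -23 "$refs" "$defs")
    rm -f "$refs" "$defs"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: one action uses a defined destination, one does not.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'test_my_destination: constructed-id-1' > "$dir/destinations.yaml"
    cat > "$dir/monitors.yaml" <<'EOF'
- name: 'Sample Alerting monitor'
  triggers:
    - name: '500'
      actions:
        - name: Sample Action
          destinationId: test_my_destination # defined
        - name: Pager Action
          destinationId: 'pager_destination'
EOF
    status=0
    missing_destinations "$dir" "$dir/destinations.yaml" || status=$?
    rm -rf "$dir"
    return "$status"
}
```

Running `missing_destinations your/yaml/files/ your/yaml/files/destinations.yaml` before `push --submit` lets a CI job fail early on an action that would have no destination to notify.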
diff and applying diff.